Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:	Setup.exe
Analysis ID:	1416903
MD5:	67890fcc5a391a8914e9ffaf209abecd
SHA1:	d7f8448dee9b8f76a4b007bfe0da83f52eac674e
SHA256:	27be6ed296617b8b4fe5cf1e9a4c0e4547c81d3cbf4bce524792d8e971fb290f
Tags:	exeFAKEOFFICETROJANSCRIPTAGENT
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to detect sleep reduction / modifications

Sample or dropped binary is a compiled AutoHotkey binary

Uses Windows timers to delay execution

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May check if the current machine is a sandbox (GetTickCount - Sleep)

OS version to string mapping found (often used in BOTs)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses code obfuscation techniques (call, push, ret)

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

System is w10x64

Setup.exe (PID: 4852 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 67890FCC5A391A8914E9FFAF209ABECD)

cleanup

Code function: 0_2_000000014007E060 _wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,fclose,DeleteFileW,

0_2_000000014007E060

Source: Setup.exe	String found in binary or memory: https://autohotkey.com
Source: Setup.exe	String found in binary or memory: https://autohotkey.comCould

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140006640 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard,

0_2_0000000140006640

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400062A0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalFree,		0_2_00000001400062A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400B02B0 EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,		0_2_00000001400B02B0

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140006520 GetClipboardFormatNameW,GetClipboardData,

0_2_0000000140006520

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140054C20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,malloc,

0_2_0000000140054C20

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140016810 GetTickCount,PeekMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,

0_2_0000000140016810

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140001B0C GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer,

0_2_0000000140001B0C

System Summary

Sample or dropped binary is a compiled AutoHotkey binary

Source: C:\Users\user\Desktop\Setup.exe

Window found: window name: AutoHotkey

Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_000000014005F340: _swprintf,CreateFileW,DeviceIoControl,CloseHandle,

0_2_000000014005F340

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400818A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

0_2_00000001400818A0

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140020253	0_2_0000000140020253
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001E850	0_2_000000014001E850
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001EFC0	0_2_000000014001EFC0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014000D360	0_2_000000014000D360
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140005380	0_2_0000000140005380
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001F7A0	0_2_000000014001F7A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140001B0C	0_2_0000000140001B0C
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001FDB9	0_2_000000014001FDB9
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140055E40	0_2_0000000140055E40
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140094040	0_2_0000000140094040
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004604B	0_2_000000014004604B
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007E060	0_2_000000014007E060
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140010070	0_2_0000000140010070
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004E07B	0_2_000000014004E07B
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400CE090	0_2_00000001400CE090
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D20A4	0_2_00000001400D20A4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400B20D0	0_2_00000001400B20D0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005A130	0_2_000000014005A130
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D614C	0_2_00000001400D614C
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004A180	0_2_000000014004A180
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004C1B0	0_2_000000014004C1B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004636B	0_2_000000014004636B
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400803C0	0_2_00000001400803C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009641B	0_2_000000014009641B
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096429	0_2_0000000140096429
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007E430	0_2_000000014007E430
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096434	0_2_0000000140096434
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014000A460	0_2_000000014000A460
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400964F0	0_2_00000001400964F0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140028500	0_2_0000000140028500
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096509	0_2_0000000140096509
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096511	0_2_0000000140096511
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096527	0_2_0000000140096527
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140070540	0_2_0000000140070540
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005C550	0_2_000000014005C550
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007A590	0_2_000000014007A590
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400585B0	0_2_00000001400585B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140050625	0_2_0000000140050625
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004C650	0_2_000000014004C650
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005E660	0_2_000000014005E660
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014002A6A0	0_2_000000014002A6A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400986C0	0_2_00000001400986C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400726D0	0_2_00000001400726D0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009C710	0_2_000000014009C710
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400987AB	0_2_00000001400987AB
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400027BB	0_2_00000001400027BB
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400407C0	0_2_00000001400407C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007C7EF	0_2_000000014007C7EF
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014006E860	0_2_000000014006E860
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014000A880	0_2_000000014000A880
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140050894	0_2_0000000140050894
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400528A0	0_2_00000001400528A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140074900	0_2_0000000140074900
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140076940	0_2_0000000140076940
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009694C	0_2_000000014009694C
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140048950	0_2_0000000140048950
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400609C9	0_2_00000001400609C9
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400809F0	0_2_00000001400809F0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D89F4	0_2_00000001400D89F4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140020A4B	0_2_0000000140020A4B
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140058A70	0_2_0000000140058A70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140046AC0	0_2_0000000140046AC0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140098AEC	0_2_0000000140098AEC
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140008B00	0_2_0000000140008B00
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400A8B70	0_2_00000001400A8B70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140088BA0	0_2_0000000140088BA0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140054C20	0_2_0000000140054C20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004AC30	0_2_000000014004AC30
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140044C80	0_2_0000000140044C80
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140050CC0	0_2_0000000140050CC0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007AD20	0_2_000000014007AD20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140006D20	0_2_0000000140006D20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140064D60	0_2_0000000140064D60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140034DB5	0_2_0000000140034DB5
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140074DC0	0_2_0000000140074DC0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014006CDD0	0_2_000000014006CDD0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008EDF0	0_2_000000014008EDF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140062E70	0_2_0000000140062E70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400BAEBB	0_2_00000001400BAEBB
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008CF03	0_2_000000014008CF03
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140018F30	0_2_0000000140018F30
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140098F31	0_2_0000000140098F31
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014003EF50	0_2_000000014003EF50
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400DCF7C	0_2_00000001400DCF7C
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005AF80	0_2_000000014005AF80
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140060F90	0_2_0000000140060F90
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140012FA0	0_2_0000000140012FA0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096FB0	0_2_0000000140096FB0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400BCFF0	0_2_00000001400BCFF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007EFF0	0_2_000000014007EFF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140125000	0_2_0000000140125000
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007B090	0_2_000000014007B090
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005D0A0	0_2_000000014005D0A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400150B0	0_2_00000001400150B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400BB0E0	0_2_00000001400BB0E0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400570F0	0_2_00000001400570F0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D1130	0_2_00000001400D1130
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005F140	0_2_000000014005F140
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140059180	0_2_0000000140059180
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140039182	0_2_0000000140039182
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400111A0	0_2_00000001400111A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004F1C0	0_2_000000014004F1C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400A31D0	0_2_00000001400A31D0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140093200	0_2_0000000140093200
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140071210	0_2_0000000140071210
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009923D	0_2_000000014009923D
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F260	0_2_000000014008F260
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400172A0	0_2_00000001400172A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400032A4	0_2_00000001400032A4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004B2B0	0_2_000000014004B2B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400632E0	0_2_00000001400632E0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140051380	0_2_0000000140051380
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005F410	0_2_000000014005F410
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140085430	0_2_0000000140085430
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005B4C0	0_2_000000014005B4C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014003F4C0	0_2_000000014003F4C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008D4D0	0_2_000000014008D4D0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009D500	0_2_000000014009D500
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140025524	0_2_0000000140025524
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400DD560	0_2_00000001400DD560
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140043560	0_2_0000000140043560
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140065590	0_2_0000000140065590
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D5598	0_2_00000001400D5598
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009F5B0	0_2_000000014009F5B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400715AC	0_2_00000001400715AC
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007D5F8	0_2_000000014007D5F8
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400CF620	0_2_00000001400CF620
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400B1650	0_2_00000001400B1650
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140035686	0_2_0000000140035686
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400536A0	0_2_00000001400536A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014006F6B0	0_2_000000014006F6B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004D6F0	0_2_000000014004D6F0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140069730	0_2_0000000140069730
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140019740	0_2_0000000140019740
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140073790	0_2_0000000140073790
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400AF7B0	0_2_00000001400AF7B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F7BD	0_2_000000014008F7BD
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F7CC	0_2_000000014008F7CC
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F7E8	0_2_000000014008F7E8
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F80A	0_2_000000014008F80A
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F82B	0_2_000000014008F82B
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F837	0_2_000000014008F837
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F85D	0_2_000000014008F85D
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014003F860	0_2_000000014003F860
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140039860	0_2_0000000140039860
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F89E	0_2_000000014008F89E
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400878D1	0_2_00000001400878D1
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400998D8	0_2_00000001400998D8
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007B8FE	0_2_000000014007B8FE
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001B920	0_2_000000014001B920
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005D930	0_2_000000014005D930
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140091948	0_2_0000000140091948
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014003196C	0_2_000000014003196C
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140017970	0_2_0000000140017970
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140041980	0_2_0000000140041980
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400899C0	0_2_00000001400899C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400579C0	0_2_00000001400579C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004BA40	0_2_000000014004BA40
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140005A50	0_2_0000000140005A50
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400B7A60	0_2_00000001400B7A60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140063B60	0_2_0000000140063B60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140097B90	0_2_0000000140097B90
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400C7BA0	0_2_00000001400C7BA0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140099BB5	0_2_0000000140099BB5
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014003DBD0	0_2_000000014003DBD0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014002BBE0	0_2_000000014002BBE0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400ABBF0	0_2_00000001400ABBF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140051BF0	0_2_0000000140051BF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004FC05	0_2_000000014004FC05
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014006DC10	0_2_000000014006DC10
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005FC12	0_2_000000014005FC12
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014006BC60	0_2_000000014006BC60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004DC70	0_2_000000014004DC70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140085D70	0_2_0000000140085D70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400ADDA0	0_2_00000001400ADDA0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140049DB0	0_2_0000000140049DB0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140061DF0	0_2_0000000140061DF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014005BDF0	0_2_000000014005BDF0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004BE10	0_2_000000014004BE10
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140039E55	0_2_0000000140039E55
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014000DE60	0_2_000000014000DE60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014004FEBC	0_2_000000014004FEBC
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140013F10	0_2_0000000140013F10
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008BF30	0_2_000000014008BF30
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D5F24	0_2_00000001400D5F24
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014002FF50	0_2_000000014002FF50

Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 00000001400401A0 appears 56 times
Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 00000001400404F0 appears 452 times
Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 00000001400C986C appears 391 times
Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 00000001400C9AC4 appears 59 times

Source: Setup.exe, 00000000.00000000.1612693837.0000000140132000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename vs Setup.exe
Source: Setup.exe	Binary or memory string: OriginalFilename vs Setup.exe

Source: C:\Users\user\Desktop\Setup.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: propsys.dll	Jump to behavior

Source: classification engine

Classification label: mal60.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140041980 _swprintf,CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW,

0_2_0000000140041980

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400818A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

0_2_00000001400818A0

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400609C9 wcsncpy,GetDiskFreeSpaceW,GetLastError,malloc,

0_2_00000001400609C9

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140081B30 CreateToolhelp32Snapshot,Process32FirstW,_wcstoi64,Process32NextW,Process32NextW,CloseHandle,CloseHandle,CloseHandle,

0_2_0000000140081B30

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140082030 CLSIDFromProgID,CLSIDFromString,CLSIDFromString,CoCreateInstance,CoCreateInstance,

0_2_0000000140082030

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400AE5E0 LoadLibraryExW,EnumResourceNamesW,FindResourceW,LoadResource,LockResource,GetSystemMetrics,FindResourceW,LoadResource,LockResource,SizeofResource,CreateIconFromResourceEx,FreeLibrary,ExtractIconW,

0_2_00000001400AE5E0

Source: C:\Users\user\Desktop\Setup.exe

File created: C:\Users\Public\Torrent

Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Setup.exe

Virustotal: Detection: 6%

Source: C:\Users\user\Desktop\Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32

Jump to behavior

Source: Setup.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Setup.exe

Static file information: File size 1371648 > 1048576

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_000000014009E020 CreateDialogIndirectParamW,SetPropW,DestroyWindow,LoadLibraryW,GetProcAddress,FreeLibrary,SetWindowLongPtrW,GetWindowLongW,SetWindowLongW,

0_2_000000014009E020

Source: Setup.exe

Static PE information: section name: text

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D8190 push rbp; iretd	0_2_00000001400D8688
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001401284CB push rbp; iretd	0_2_00000001401284DE
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400BCC66 push 85000BCBh; retf	0_2_00000001400BCCF5

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140050566 IsZoomed,IsIconic,	0_2_0000000140050566
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014007A590 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC,_swprintf,malloc,malloc,	0_2_000000014007A590
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140058A70 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,malloc,	0_2_0000000140058A70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140054C20 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,malloc,	0_2_0000000140054C20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140044C80 IsWindow,DestroyWindow,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,MonitorFromPoint,GetMonitorInfoW,IsWindow,CreateWindowExW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,	0_2_0000000140044C80
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140056DC0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,	0_2_0000000140056DC0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096FB0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,	0_2_0000000140096FB0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140096FB0 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,	0_2_0000000140096FB0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009109D GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_000000014009109D
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400910AD MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_00000001400910AD
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400910A5 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_00000001400910A5
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400910BB MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_00000001400910BB
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400970DF ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_00000001400970DF
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400970D5 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_00000001400970D5
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400910FF MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_00000001400910FF
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009710A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_000000014009710A
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009713C ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_000000014009713C
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140091137 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091137
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140091146 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	0_2_0000000140091146
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009719A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_000000014009719A
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140093200 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,	0_2_0000000140093200
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400971F8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_00000001400971F8
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140097229 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetForegroundWindow,DefDlgProcW,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	0_2_0000000140097229
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014008F260 SendMessageW,MulDiv,MulDiv,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,	0_2_000000014008F260
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400B1470 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,	0_2_00000001400B1470
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400694D0 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow,	0_2_00000001400694D0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014009D500 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,	0_2_000000014009D500
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400B1650 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop,	0_2_00000001400B1650
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400536A0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,_swprintf,malloc,ReleaseDC,SelectObject,DeleteDC,DeleteObject,malloc,GetPixel,ReleaseDC,malloc,malloc,	0_2_00000001400536A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400ADB60 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,	0_2_00000001400ADB60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400A1CD0 CheckMenuItem,CheckMenuItem,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetForegroundWindow,GetWindowThreadProcessId,SetForegroundWindow,SetForegroundWindow,TrackPopupMenuEx,PostMessageW,GetForegroundWindow,SetForegroundWindow,	0_2_00000001400A1CD0

Source: C:\Users\user\Desktop\Setup.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Contains functionality to detect sleep reduction / modifications

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140018F30

0_2_0000000140018F30

Uses Windows timers to delay execution

Source: C:\Users\user\Desktop\Setup.exe	User Timer Set: Timeout: 100ms	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	User Timer Set: Timeout: 10ms	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	User Timer Set: Timeout: 10ms	Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

API coverage: 1.3 %

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140018F30

0_2_0000000140018F30

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001A910 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014001AA8Dh country: Russian (ru)	0_2_000000014001A910
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022A87 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur)	0_2_0000000140022A87
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022A87 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu)	0_2_0000000140022A87
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022A8F GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur)	0_2_0000000140022A8F
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022A8F GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu)	0_2_0000000140022A8F
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022A96 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur)	0_2_0000000140022A96
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022A96 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu)	0_2_0000000140022A96
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022ABD GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur)	0_2_0000000140022ABD
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022ABD GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu)	0_2_0000000140022ABD
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022AE1 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur)	0_2_0000000140022AE1
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022AE1 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu)	0_2_0000000140022AE1
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022B05 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 0000000140022CB9h country: Urdu (ur)	0_2_0000000140022B05
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140022B05 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 0000000140022CB9h country: Inuktitut (iu)	0_2_0000000140022B05
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400150B0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 0000000140015412h country: Spanish (es)	0_2_00000001400150B0

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140059180 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400594B3h		0_2_0000000140059180
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140059180 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140059373h		0_2_0000000140059180

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400AD4A0 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	0_2_00000001400AD4A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014003C6B0 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,	0_2_000000014003C6B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140066C80 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,_swprintf,FindNextFileW,FindClose,	0_2_0000000140066C80
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140066FC0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,_swprintf,malloc,	0_2_0000000140066FC0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140081230 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,	0_2_0000000140081230
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400AD3A0 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00000001400AD3A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140067610 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	0_2_0000000140067610
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140081820 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0000000140081820

Source: Setup.exe, 00000000.00000002.1684677071.00000000008C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
Source: Setup.exe, 00000000.00000002.1684756472.0000000000904000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Setup.exe, 00000000.00000002.1684677071.00000000008C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\

Source: C:\Users\user\Desktop\Setup.exe

API call chain: ExitProcess graph end node

graph_0-224715

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140018050 BlockInput,BlockInput,

0_2_0000000140018050

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400D1110 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00000001400D1110

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_000000014009E020 CreateDialogIndirectParamW,SetPropW,DestroyWindow,LoadLibraryW,GetProcAddress,FreeLibrary,SetWindowLongPtrW,GetWindowLongW,SetWindowLongW,

0_2_000000014009E020

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400D76DC GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,

0_2_00000001400D76DC

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D2BA4 SetUnhandledExceptionFilter,	0_2_00000001400D2BA4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400D1110 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00000001400D1110
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_00000001400CDD84 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00000001400CDD84

Source: C:\Users\user\Desktop\Setup.exe

0_2_0000000140041980

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400172A0 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput,

0_2_00000001400172A0

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140018AB0 mouse_event,

0_2_0000000140018AB0

Source: Setup.exe	Binary or memory string: TextLEFTLRIGHTRMIDDLEMX1X2WUWDWLWR{Blind}{ClickLl{}^+!#{}RawTempASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt SYSTEM\CurrentControlSet\Control\Keyboard Layouts\Layout FileKbdLayerDescriptorsc%03Xvk%02XSCALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUPRtlGetVersionntdll.dll%u.%u.%uStdOutAllUnreachableClassOverwriteUseEnvLocalSameAsGlobalUseUnsetGlobalUseUnsetLocalYYYYYWeekYearYDayWorkingDirWinDirWinDelayWDayUserNameTitleMatchModeSpeedTitleMatchModeTimeSinceThisHotkeyTimeSincePriorHotkeyTimeIdlePhysicalTimeIdleMouseTimeIdleKeyboardTimeIdleTickCountThisMenuItemPosThisMenuItemThisMenuThisLabelThisHotkeyThisFuncStoreCapslockModeStartupCommonStartupStartMenuCommonStartMenuSecScriptNameScriptHwndScriptFullPathScriptDirScreenWidthScreenHeightScreenDPIRegViewPtrSizeProgramsCommonProgramsPriorKeyPriorHotkeyOSVersionOSTypeNumBatchLinesNowUTCNowMyDocumentsMSecMouseDelayPlayMouseDelayMonMMMMMMMMMMinMDayLoopRegTypeLoopRegTimeModifiedLoopRegSubKeyLoopRegNameLoopRegKeyLoopReadLineLoopFileTimeModifiedLoopFileTimeCreatedLoopFileTimeAccessedLoopFileSizeMBLoopFileSizeKBLoopFileSizeLoopFileShortPathLoopFileShortNameLoopFilePathLoopFileNameLoopFileLongPathLoopFileFullPathLoopFileExtLoopFileDirLoopFileAttribLoopFieldLineNumberLineFileLastErrorLanguageKeyDurationPlayKeyDurationKeyDelayPlayKeyDelayIsUnicodeIsSuspendedIsPausedIsCriticalIsCompiledIsAdminIs64bitOSIPAddress4IPAddress3IPAddress2IPAddress1IndexIconTipIconNumberIconHiddenIconFileHourGuiYGuiXGuiWidthGuiHeightGuiEventGuiControlEventFormatIntegerFormatFloatExitReasonEventInfoEndCharDesktopCommonDesktopDefaultTreeViewDefaultMouseSpeedDefaultListViewDefaultGuiDDDDDDDDDCursorCoordModeToolTipCoordModePixelCoordModeMouseCoordModeMenuCoordModeCaretControlDelayComputerNameCaretYCaretXBatchLinesAppDataCommonAppDataAhkVersionAhkPathTrueProgramFilesFalseComSpecClipboardAll...%s[%Iu of %Iu]: %-1.60s%sPropertyRegExMatch\:\:REG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYDefault3264LineRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDestroyNamePriorityInterruptNoTimersLabelTypeCountLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPFuncRemoveClipboardFormatListeneruser32AddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMeRegClassAutoHotkey2Shell_TrayWndCreateWindoweditConsolasLucida ConsoleErrorLevel <>=/\|^,:&~!()[]{}+-?."'\;`IFWHILEClass>AUTOHOTKEY SCRIPT<Could not extract script from EXE./#CommentFlag/and<>=/\|^,:<>=/\|^,:.+-&!?~::?- Continuation section too long.JoinLTrimRTrimMissing ")"Functions cannot contain functions.Missing "{"Not a valid method, class or property definition.GetSetNot a valid property getter/setter.Hotkeys/hotstrings are not allowed inside
Source: Setup.exe	Binary or memory string: Program Manager
Source: Setup.exe	Binary or memory string: Shell_TrayWnd
Source: Setup.exe	Binary or memory string: Progman
Source: Setup.exe	Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_0000000140020253 SetCurrentDirectoryW,malloc,GetSystemTimeAsFileTime,

0_2_0000000140020253

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400690F0 GetComputerNameW,GetUserNameW,

0_2_00000001400690F0

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_00000001400CE334 HeapCreate,GetVersion,HeapSetInformation,

0_2_00000001400CE334

Source: Setup.exe	Binary or memory string: WIN_XP
Source: Setup.exe	Binary or memory string: ?A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle1.1.34.03\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003%04hX0x%IxpPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfo0%
Source: Setup.exe	Binary or memory string: WIN_VISTA
Source: Setup.exe	Binary or memory string: WIN_7
Source: Setup.exe	Binary or memory string: WIN_8
Source: Setup.exe	Binary or memory string: WIN_8.1

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001E850 PostThreadMessageW,Sleep,GetTickCount,GetExitCodeThread,GetTickCount,Sleep,CloseHandle,CreateMutexW,CloseHandle,CreateMutexW,CloseHandle,Shell_NotifyIconW,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,	0_2_000000014001E850
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_000000014001F440 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,	0_2_000000014001F440
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_0000000140073500 RemoveClipboardFormatListener,ChangeClipboardChain,	0_2_0000000140073500

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Masquerading	21 Input Capture	11 System Time Discovery	Remote Services	1 Screen Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Virtualization/Sandbox Evasion	LSASS Memory	131 Security Software Discovery	Remote Desktop Protocol	21 Input Capture	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Process Injection	1 Disable or Modify Tools	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Archive Collected Data	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Access Token Manipulation	NTDS	2 Process Discovery	Distributed Component Object Model	3 Clipboard Data	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Process Injection	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Deobfuscate/Decode Files or Information	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Obfuscated Files or Information	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	2 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	14 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Setup.exe	0%	ReversingLabs
Setup.exe	7%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://autohotkey.comCould	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://autohotkey.com	Setup.exe	false		high
https://autohotkey.comCould	Setup.exe	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1416903
Start date and time:	2024-03-28 09:19:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Setup.exe
Detection:	MAL
Classification:	mal60.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 184 Number of non-executed functions: 48
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size exceeded maximum capacity and may have missing disassembly code.

Simulations

Behavior and APIs

Time	Type	Description
09:19:53	API Interceptor	1x Sleep call for process: Setup.exe modified

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.108651062106143
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Setup.exe
File size:	1'371'648 bytes
MD5:	67890fcc5a391a8914e9ffaf209abecd
SHA1:	d7f8448dee9b8f76a4b007bfe0da83f52eac674e
SHA256:	27be6ed296617b8b4fe5cf1e9a4c0e4547c81d3cbf4bce524792d8e971fb290f
SHA512:	509d4c880d4bc37e35353279c8b9c594dee774cfe774b06b0daa07d3ef68dd187f971e3cc9e97db8eb8ed946bbf0e5b0cf2862c595e0065a9aa39f8f683d65b2
SSDEEP:	24576:5EqYy2vg041qFrGsZPUaEI7n3eWbn8/XXQGGH8BTLxeX1fiYM4Qe6fqwo:5EqFcg041qFrGsZPUaEI7n3eWbn8vAfZ
TLSH:	E3555A0633A1C0B8DA6690B2C625922ED7717414C72B8EDB64E05EDEFFD2A905F36731
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&.DXG..XG..XG..C...mG..C....G..Q? .^G..Q?$.YG..Q?0.EG..XG...F..C.=.OG..C...sG..C.9.YG..C.>.YG..RichXG..........PE..d...1..b...

File Icon


Icon Hash:	1fa1b0b4b4b0701f

Static PE Info

General

Entrypoint:	0x1400ccd80
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:
Time Stamp:	0x629C1731 [Sun Jun 5 02:38:41 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	b66b962f1654841b6655c9e59651771a

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F84F089F048h
dec eax
add esp, 28h
jmp 00007F84F08989F7h
int3
int3
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], ebp
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 20h
dec eax
lea ebx, dword ptr [ecx+1Ch]
dec eax
mov ebp, ecx
mov esi, 00000101h
dec eax
mov ecx, ebx
inc esp
mov eax, esi
xor edx, edx
call 00007F84F089BF14h
inc ebp
xor ebx, ebx
dec eax
lea edi, dword ptr [ebp+10h]
inc ecx
lea ecx, dword ptr [ebx+06h]
inc ecx
movzx eax, bx
inc esp
mov dword ptr [ebp+0Ch], ebx
dec esp
mov dword ptr [ebp+04h], ebx
rep stosw
dec eax
lea edi, dword ptr [0004365Eh]
dec eax
sub edi, ebp
mov al, byte ptr [edi+ebx]
mov byte ptr [ebx], al
dec eax
inc ebx
dec eax
dec esi
jne 00007F84F0898B95h
dec eax
lea ecx, dword ptr [ebp+0000011Dh]
mov edx, 00000100h
mov al, byte ptr [ecx+edi]
mov byte ptr [ecx], al
dec eax
inc ecx
dec eax
dec edx
jne 00007F84F0898B95h
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
add esp, 20h
pop edi
ret
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+10h], ebx
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
push ebp
dec eax
lea ebp, dword ptr [eax-00000488h]
dec eax
sub esp, 00000580h
dec eax
mov eax, dword ptr [0004446Bh]
dec eax
xor eax, esp

Rich Headers

Programming Language:

[C++] VS2010 SP1 build 40219
[ C ] VS2010 SP1 build 40219
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10cfdc	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x12f000	0x2a3c8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x11d000	0x7980	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xdf000	0xeb8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xdd426	0xdd600	4944ca6026936a8815b1ddae21c00292	False	0.5366936053077357	data	6.543735961579387	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xdf000	0x30f3e	0x31000	b8e4c6a15b9da25f8184df2d630e28d0	False	0.281070631377551	data	4.993934088064197	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x110000	0xc328	0x5000	a92c5afeca34cd985c617c0442a7d56b	False	0.247412109375	data	3.2453306973952833	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x11d000	0x7980	0x7a00	a6daa653cc667f7e3b1d13baf7e4c484	False	0.4823258196721312	data	6.030017908203169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
text	0x125000	0x258d	0x2600	c0f57c57c0a2bd55a1fd49a6f01205e7	False	0.4654605263157895	data	5.774921348227209	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE
data	0x128000	0x6ec0	0x7000	8f4275b626558a8640120f611553e570	False	0.47119140625	data	6.457359279664662	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x12f000	0x2a3c8	0x2a400	1c4554a73cff8b13421466a165763d23	False	0.07492372411242604	data	2.2278670956283784	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x12f818	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.23521505376344087
RT_ICON	0x12fb00	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.39864864864864863
RT_ICON	0x12fc28	0x2ca8	Device independent bitmap graphic, 96 x 192 x 8, image size 9216, 256 important colors	English	United States	0.048547935619314204
RT_ICON	0x1328d0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6941489361702128
RT_ICON	0x132d38	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6622340425531915
RT_ICON	0x1331a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6453900709219859
RT_ICON	0x133608	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.6655405405405406
RT_ICON	0x133730	0x1bc8	Device independent bitmap graphic, 72 x 144 x 8, image size 5184, 256 important colors	English	United States	0.06285151856017998
RT_ICON	0x1352f8	0x1628	Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors	English	United States	0.06770098730606489
RT_ICON	0x136920	0x1418	Device independent bitmap graphic, 60 x 120 x 8, image size 3600, 256 important colors	English	United States	0.07231726283048212
RT_ICON	0x137d38	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.08049040511727079
RT_ICON	0x138be0	0xba8	Device independent bitmap graphic, 40 x 80 x 8, image size 1600, 256 important colors	English	United States	0.09517426273458444
RT_ICON	0x139788	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.10063176895306859
RT_ICON	0x13a030	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States	0.11981566820276497
RT_ICON	0x13a6f8	0x608	Device independent bitmap graphic, 20 x 40 x 8, image size 400, 256 important colors	English	United States	0.15414507772020725
RT_ICON	0x13ad00	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.10476878612716763
RT_ICON	0x13b268	0x86e	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.840129749768304
RT_ICON	0x13bad8	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.025882909396678578
RT_ICON	0x144f80	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	English	United States	0.029621072088724585
RT_ICON	0x14a408	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.03288852149267832
RT_ICON	0x14e630	0x3a48	Device independent bitmap graphic, 60 x 120 x 32, image size 14880	English	United States	0.037265415549597856
RT_ICON	0x152078	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.04128630705394191
RT_ICON	0x154620	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	English	United States	0.052366863905325446
RT_ICON	0x156088	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.06074108818011257
RT_ICON	0x157130	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.09631147540983606
RT_ICON	0x157ab8	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	English	United States	0.12151162790697674
RT_ICON	0x158170	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.12854609929078015
RT_MENU	0x1585d8	0x2c8	data	English	United States	0.46207865168539325
RT_DIALOG	0x1588a0	0xe8	data	English	United States	0.6206896551724138
RT_ACCELERATOR	0x158988	0x48	data	English	United States	0.8194444444444444
RT_RCDATA	0x1589d0	0x170	ASCII text	English	United States	0.46467391304347827
RT_GROUP_ICON	0x158b40	0x148	data	English	United States	0.573170731707317
RT_GROUP_ICON	0x158c88	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x158c9c	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x158cb0	0x14	data	English	United States	1.25
RT_GROUP_ICON	0x158cc4	0x14	data	English	United States	1.25
RT_VERSION	0x158cd8	0x1fc	data	English	United States	0.5059055118110236
RT_MANIFEST	0x158ed4	0x4f4	ASCII text, with very long lines (1268), with no line terminators	English	United States	0.4755520504731861

Imports

DLL	Import
WSOCK32.dll	gethostbyname, inet_addr, WSACleanup, gethostname, WSAStartup
WINMM.dll	mixerGetLineInfoW, mixerGetDevCapsW, mixerOpen, mciSendStringW, joyGetPosEx, mixerGetLineControlsW, mixerGetControlDetailsW, mixerSetControlDetails, waveOutGetVolume, mixerClose, waveOutSetVolume, joyGetDevCapsW
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
COMCTL32.dll	ImageList_Create, CreateStatusWindowW, ImageList_ReplaceIcon, ImageList_GetIconSize, ImageList_Destroy, ImageList_AddMasked
PSAPI.DLL	GetProcessImageFileNameW, GetModuleBaseNameW, GetModuleFileNameExW
WININET.dll	InternetOpenW, InternetOpenUrlW, InternetCloseHandle, InternetReadFileExA, InternetReadFile
KERNEL32.dll	GetModuleFileNameW, GetSystemTimeAsFileTime, FindResourceW, SizeofResource, LoadResource, LockResource, GetFullPathNameW, GetShortPathNameW, FindFirstFileW, FindNextFileW, FindClose, FileTimeToLocalFileTime, SetEnvironmentVariableW, Beep, MoveFileW, OutputDebugStringW, CreateProcessW, GetFileAttributesW, WideCharToMultiByte, MultiByteToWideChar, GetExitCodeProcess, WriteProcessMemory, ReadProcessMemory, GetCurrentProcessId, OpenProcess, TerminateProcess, SetPriorityClass, SetLastError, GetEnvironmentVariableW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetDiskFreeSpaceExW, SetVolumeLabelW, CreateFileW, DeviceIoControl, GetDriveTypeW, GetVolumeInformationW, GetDiskFreeSpaceW, GetCurrentDirectoryW, CreateDirectoryW, ReadFile, WriteFile, DeleteFileW, SetFileAttributesW, LocalFileTimeToFileTime, SetFileTime, DeleteCriticalSection, GetSystemTime, GetSystemDefaultUILanguage, GetComputerNameW, GetSystemWindowsDirectoryW, GetTempPathW, EnterCriticalSection, LeaveCriticalSection, VirtualProtect, QueryDosDeviceW, CompareStringW, RemoveDirectoryW, CopyFileW, GetCurrentProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, WritePrivateProfileSectionW, SetEndOfFile, GetACP, GetFileType, GetStdHandle, SetFilePointerEx, SystemTimeToFileTime, FileTimeToSystemTime, GetFileSize, IsWow64Process, VirtualAllocEx, VirtualFreeEx, EnumResourceNamesW, LoadLibraryExW, GlobalSize, HeapReAlloc, EncodePointer, HeapFree, DecodePointer, ExitProcess, HeapAlloc, IsValidCodePage, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, GetCPInfo, GetVersionExW, GetModuleHandleW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLastError, CreateMutexW, CloseHandle, GetExitCodeThread, SetThreadPriority, CreateThread, GetStringTypeExW, lstrcmpiW, GetCurrentThreadId, GlobalUnlock, GlobalFree, GlobalAlloc, GlobalLock, SetErrorMode, InitializeCriticalSection, SetCurrentDirectoryW, Sleep, GetTickCount, MulDiv, RtlCaptureContext, HeapSetInformation, GetVersion, HeapCreate, InitializeCriticalSectionAndSpinCount, HeapSize, HeapQueryInformation, GetCommandLineW, GetStartupInfoW, RtlUnwindEx, SetHandleCount, GetStringTypeW, RaiseException, RtlPcToFileHeader, LCMapStringW, GetConsoleCP, GetConsoleMode, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetOEMCP, FlushFileBuffers, SetFilePointer, WriteConsoleW, SetStdHandle, GetFileSizeEx, GetProcessHeap
USER32.dll	GetDlgItem, SetDlgItemTextW, MessageBeep, GetCursorInfo, GetLastInputInfo, GetSystemMenu, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuStringW, ExitWindowsEx, SetMenu, FlashWindow, GetPropW, SetPropW, RemovePropW, MapWindowPoints, RedrawWindow, SetWindowLongPtrW, SetParent, GetClassInfoExW, DefDlgProcW, GetAncestor, UpdateWindow, GetMessagePos, GetClassLongPtrW, CallWindowProcW, CheckRadioButton, IntersectRect, GetUpdateRect, PtInRect, CreateDialogIndirectParamW, GetWindowLongPtrW, CreateAcceleratorTableW, DestroyAcceleratorTable, InsertMenuItemW, SetMenuDefaultItem, RemoveMenu, SetMenuItemInfoW, IsMenu, GetMenuItemInfoW, CreateMenu, CreatePopupMenu, SetMenuInfo, AppendMenuW, DestroyMenu, TrackPopupMenuEx, CopyImage, CreateIconIndirect, CreateIconFromResourceEx, EnumClipboardFormats, GetWindow, BringWindowToTop, MessageBoxW, GetTopWindow, GetQueueStatus, SendDlgItemMessageW, LoadAcceleratorsW, EnableMenuItem, GetMenu, CreateWindowExW, RegisterClassExW, LoadCursorW, DestroyIcon, IsCharAlphaW, EnableWindow, VkKeyScanExW, MapVirtualKeyExW, GetKeyboardLayoutNameW, ActivateKeyboardLayout, GetGUIThreadInfo, GetWindowTextW, mouse_event, WindowFromPoint, GetSystemMetrics, keybd_event, SetKeyboardState, GetKeyboardState, GetCursorPos, GetAsyncKeyState, AttachThreadInput, SendInput, UnregisterHotKey, RegisterHotKey, PostQuitMessage, SendMessageTimeoutW, UnhookWindowsHookEx, SetWindowsHookExW, PostThreadMessageW, IsCharAlphaNumericW, IsCharUpperW, IsCharLowerW, ToUnicodeEx, GetKeyboardLayout, CallNextHookEx, CharLowerW, ReleaseDC, GetDC, OpenClipboard, GetClipboardData, GetClipboardFormatNameW, CloseClipboard, SetClipboardData, EmptyClipboard, PostMessageW, FindWindowW, EndDialog, IsWindow, DispatchMessageW, TranslateMessage, ShowWindow, CountClipboardFormats, SetWindowLongW, ScreenToClient, IsDialogMessageW, DialogBoxParamW, SetForegroundWindow, DefWindowProcW, FillRect, DrawIconEx, GetSysColorBrush, GetSysColor, RegisterWindowMessageW, EnumDisplayMonitors, IsIconic, IsZoomed, EnumWindows, SetClipboardViewer, GetWindowTextLengthW, SendMessageW, IsWindowEnabled, GetWindowLongW, GetKeyState, TranslateAcceleratorW, KillTimer, PeekMessageW, GetFocus, GetClassNameW, GetWindowThreadProcessId, GetForegroundWindow, InvalidateRect, SetLayeredWindowAttributes, SetWindowPos, SetWindowRgn, SetFocus, SetActiveWindow, ClientToScreen, EnumChildWindows, MoveWindow, GetWindowRect, GetMonitorInfoW, MonitorFromPoint, GetClientRect, SystemParametersInfoW, AdjustWindowRectEx, DrawTextW, SetRect, GetIconInfo, SetWindowTextW, IsWindowVisible, BlockInput, GetMessageW, SetTimer, GetParent, GetDlgCtrlID, CharUpperW, IsClipboardFormatAvailable, CheckMenuItem, LoadImageW, MapVirtualKeyW, ChangeClipboardChain, DestroyWindow
GDI32.dll	GetPixel, GetClipRgn, GetCharABCWidthsW, SetBkMode, CreatePatternBrush, SetBrushOrgEx, EnumFontFamiliesExW, CreateDIBSection, GdiFlush, SetBkColor, ExcludeClipRect, SetTextColor, GetClipBox, BitBlt, CreateCompatibleBitmap, GetSystemPaletteEntries, GetDIBits, CreateCompatibleDC, CreatePolygonRgn, CreateRectRgn, CreateRoundRectRgn, CreateEllipticRgn, DeleteDC, GetObjectW, GetTextMetricsW, GetTextFaceW, SelectObject, GetStockObject, CreateDCW, CreateSolidBrush, CreateFontW, FillRgn, GetDeviceCaps, DeleteObject
COMDLG32.dll	CommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, GetUserNameW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyExW, RegCloseKey, RegConnectRegistryW, RegDeleteValueW
SHELL32.dll	DragQueryPoint, SHEmptyRecycleBinW, SHFileOperationW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetDesktopFolder, SHGetMalloc, SHGetFolderPathW, ShellExecuteExW, Shell_NotifyIconW, DragFinish, DragQueryFileW, ExtractIconW
ole32.dll	OleInitialize, OleUninitialize, CoCreateInstance, CoInitialize, CoUninitialize, CLSIDFromString, CLSIDFromProgID, CoGetObject, StringFromGUID2, CreateStreamOnHGlobal
OLEAUT32.dll	SafeArrayGetLBound, GetActiveObject, SysStringLen, OleLoadPicture, SafeArrayUnaccessData, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnlock, SafeArrayPtrOfIndex, SafeArrayLock, SafeArrayGetDim, SafeArrayDestroy, SafeArrayGetUBound, VariantCopyInd, SafeArrayCopy, SysAllocString, VariantChangeType, VariantClear, SafeArrayCreate, SysFreeString

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	09:19:53
Start date:	28/03/2024
Path:	C:\Users\user\Desktop\Setup.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Setup.exe"
Imagebase:	0x140000000
File size:	1'371'648 bytes
MD5 hash:	67890FCC5A391A8914E9FFAF209ABECD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	38.6%
Total number of Nodes:	883
Total number of Limit Nodes:	41

Executed Functions

Function 000000014001E850 Relevance: 72.1, APIs: 35, Strings: 6, Instructions: 309
windowsleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32 ref: 000000014001E8C4
Sleep.KERNEL32 ref: 000000014001E8D0
GetTickCount.KERNEL32 ref: 000000014001E8E0
GetExitCodeThread.KERNEL32 ref: 000000014001E8FF
GetTickCount.KERNEL32 ref: 000000014001E912
Sleep.KERNEL32 ref: 000000014001E923
CloseHandle.KERNEL32 ref: 000000014001E932
CreateMutexW.KERNEL32 ref: 000000014001E95D
CloseHandle.KERNEL32 ref: 000000014001E978
CreateMutexW.KERNEL32 ref: 000000014001E99F
CloseHandle.KERNEL32 ref: 000000014001E9BB
Shell_NotifyIconW.SHELL32 ref: 000000014001EA0C
IsWindow.USER32 ref: 000000014001EA28
DestroyWindow.USER32 ref: 000000014001EA35
DeleteObject.GDI32 ref: 000000014001EA44
DeleteObject.GDI32 ref: 000000014001EA53
DeleteObject.GDI32 ref: 000000014001EA62
DeleteObject.GDI32 ref: 000000014001EA85
DestroyIcon.USER32 ref: 000000014001EA8D
IsWindow.USER32 ref: 000000014001EA9C
DestroyWindow.USER32 ref: 000000014001EAAA
DeleteObject.GDI32 ref: 000000014001EAB9
DeleteObject.GDI32 ref: 000000014001EAC8
DeleteObject.GDI32 ref: 000000014001EAD7
DeleteObject.GDI32 ref: 000000014001EB34
DestroyIcon.USER32 ref: 000000014001EB59
DestroyIcon.USER32 ref: 000000014001EB66
IsWindow.USER32 ref: 000000014001EBA8
DestroyWindow.USER32 ref: 000000014001EBB5
DeleteObject.GDI32 ref: 000000014001EBD0
ChangeClipboardChain.USER32 ref: 000000014001EC21
mciSendStringW.WINMM ref: 000000014001EC4C
mciSendStringW.WINMM ref: 000000014001EC69
DeleteCriticalSection.KERNEL32 ref: 000000014001EC76
OleUninitialize.OLE32 ref: 000000014001EC7C

Strings

Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 000000014001E9E4
status AHK_PlayMe mode, xrefs: 000000014001EC45
AHK Keybd, xrefs: 000000014001E952
2, xrefs: 000000014001E8D8
AHK Mouse, xrefs: 000000014001E994
close AHK_PlayMe, xrefs: 000000014001EC62

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Delete$Object$DestroyWindow$Icon$CloseHandle$CountCreateMutexSendSleepStringThreadTick$ChainChangeClipboardCodeCriticalExitMessageNotifyPostSectionShell_Uninitialize
String ID: 2$AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.$close AHK_PlayMe$status AHK_PlayMe mode
API String ID: 2336381626-2823248856
Opcode ID: bbeb3754e851e32e3d7230555740757d0eb2e19385b80c8ce8fadd64d2fc7919
Instruction ID: ae6d289a8e4092d19f78b740bdc86684a3bd6d3c5eeb3f2221ec3056315eb0d5
Opcode Fuzzy Hash: bbeb3754e851e32e3d7230555740757d0eb2e19385b80c8ce8fadd64d2fc7919
Instruction Fuzzy Hash: C6E10835201A8086FB6B9F63E8547ED23A1BB8CFD4F488525EB1A4B6B4CF39C446C351

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140055E40 Relevance: 65.2, APIs: 35, Strings: 2, Instructions: 462
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegisterWindowMessageW.USER32 ref: 0000000140055E7D

Strings

TaskbarCreated, xrefs: 0000000140055E70
, xrefs: 0000000140056284

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: MessageRegisterWindow
String ID: $TaskbarCreated
API String ID: 1814269913-2756569325
Opcode ID: d34deb9f11511e3579c3ba2b46536db34589608847754f20ec7e2ea4100bb72b
Instruction ID: 74c41e2f6980512f5fecd5883ed90d90f71f0abb0ccde258fd024e1a2d041a81
Opcode Fuzzy Hash: d34deb9f11511e3579c3ba2b46536db34589608847754f20ec7e2ea4100bb72b
Instruction Fuzzy Hash: 33228D75204A408BEB6ACF27E4547EA77A1F74CBC4F444125EB8A47BB8EB39D545CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001EFC0 Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 233
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400AE5E0: LoadLibraryExW.KERNEL32 ref: 00000001400AE613
Part of subcall function 00000001400AE5E0: FindResourceW.KERNEL32 ref: 00000001400AE698
Part of subcall function 00000001400AE5E0: LoadResource.KERNEL32 ref: 00000001400AE6AD
Part of subcall function 00000001400AE5E0: LockResource.KERNEL32 ref: 00000001400AE6BF
Part of subcall function 00000001400AE5E0: GetSystemMetrics.USER32 ref: 00000001400AE6DF
Part of subcall function 00000001400AE5E0: FindResourceW.KERNEL32 ref: 00000001400AE755
Part of subcall function 00000001400AE5E0: LoadResource.KERNEL32 ref: 00000001400AE769
Part of subcall function 00000001400AE5E0: LockResource.KERNEL32 ref: 00000001400AE777

GetSystemMetrics.USER32 ref: 000000014001F058

Part of subcall function 00000001400AE5E0: EnumResourceNamesW.KERNEL32 ref: 00000001400AE67B
Part of subcall function 00000001400AE5E0: SizeofResource.KERNEL32 ref: 00000001400AE78B
Part of subcall function 00000001400AE5E0: CreateIconFromResourceEx.USER32 ref: 00000001400AE7AE

LoadCursorW.USER32 ref: 000000014001F09A
RegisterClassExW.USER32 ref: 000000014001F0C5
RegisterClassExW.USER32 ref: 000000014001F0EC
GetForegroundWindow.USER32 ref: 000000014001F123
GetClassNameW.USER32 ref: 000000014001F13F
CreateWindowExW.USER32 ref: 000000014001F1C2
GetMenu.USER32 ref: 000000014001F1E7
EnableMenuItem.USER32 ref: 000000014001F1FE
CreateWindowExW.USER32 ref: 000000014001F266
GetDC.USER32 ref: 000000014001F2C3
GetDeviceCaps.GDI32 ref: 000000014001F2ED
MulDiv.KERNEL32 ref: 000000014001F2FE
CreateFontW.GDI32 ref: 000000014001F342
ReleaseDC.USER32 ref: 000000014001F359
SendMessageW.USER32 ref: 000000014001F374
SendMessageW.USER32 ref: 000000014001F38C
ShowWindow.USER32 ref: 000000014001F39B
ShowWindow.USER32 ref: 000000014001F3AA
ShowWindow.USER32 ref: 000000014001F3C9
SetWindowLongW.USER32 ref: 000000014001F3DD
LoadAcceleratorsW.USER32 ref: 000000014001F3EF

Strings

edit, xrefs: 000000014001F22D
Consolas, xrefs: 000000014001F2DA
P, xrefs: 000000014001F032
AutoHotkey2, xrefs: 000000014001F0D0
RegClass, xrefs: 000000014001F0FB
CreateWindow, xrefs: 000000014001F27C
AutoHotkey, xrefs: 000000014001F007
Shell_TrayWnd, xrefs: 000000014001F149
Lucida Console, xrefs: 000000014001F2D0

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Resource$Window$Load$Create$ClassShow$FindLockMenuMessageMetricsRegisterSendSystem$AcceleratorsCapsCursorDeviceEnableEnumFontForegroundFromIconItemLibraryLongNameNamesReleaseSizeof
String ID: AutoHotkey$AutoHotkey2$Consolas$CreateWindow$Lucida Console$P$RegClass$Shell_TrayWnd$edit
API String ID: 221421807-2636979444
Opcode ID: 55dd66b0750d7da4e52f0770929b0fbf3d6793008537eaaff2a4b621cb77d824
Instruction ID: 9b0e2f6c69485fb8ec57ce70399adead094d9dac222e6f592f54d16756aeffa0
Opcode Fuzzy Hash: 55dd66b0750d7da4e52f0770929b0fbf3d6793008537eaaff2a4b621cb77d824
Instruction Fuzzy Hash: 9BC15935208B8082E7668B22F854BEA73A5FB8DBD0F544119EB894BBB4DF3DC555DB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001B0C Relevance: 51.4, APIs: 28, Strings: 1, Instructions: 620timewindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140001B3D
CloseClipboard.USER32 ref: 0000000140001B4A
SetTimer.USER32 ref: 0000000140001BFA
GetTickCount.KERNEL32 ref: 0000000140001CCD
GetTickCount.KERNEL32 ref: 0000000140001D28
GetMessageW.USER32 ref: 0000000140001D6B
GetTickCount.KERNEL32 ref: 0000000140001D7A

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessageTimerUnlock
String ID: #32770
API String ID: 1115112458-463685578
Opcode ID: 142b92b5ad2cfdf1b46add384a66016d64d4d1895153f3acb373f4d837314675
Instruction ID: d979086e244771f1058c6eeda0f323f2161955c8e31e2b1f95c64bbc6df12670
Opcode Fuzzy Hash: 142b92b5ad2cfdf1b46add384a66016d64d4d1895153f3acb373f4d837314675
Instruction Fuzzy Hash: C1526EB260568486FB67CB27B8547E937A1F78DBD8F184016EB8A077B5DB38C981C710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005380 Relevance: 42.4, APIs: 14, Strings: 10, Instructions: 357
sleepwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014000539D
SetErrorMode.KERNELBASE ref: 00000001400053A8

Part of subcall function 0000000140063B10: GetCurrentDirectoryW.KERNEL32(?,00000001400053B5), ref: 0000000140063B2C

wcsncpy.LIBCMT ref: 0000000140005517

Part of subcall function 00000001400C986C: _errno.LIBCMT ref: 00000001400C9884
Part of subcall function 00000001400C986C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C988F

FindWindowW.USER32 ref: 000000014000572C
FindWindowW.USER32 ref: 0000000140005799
PostMessageW.USER32 ref: 00000001400057BD
Sleep.KERNEL32 ref: 00000001400057CA
IsWindow.USER32 ref: 00000001400057D3
Sleep.KERNEL32 ref: 000000014000580E
IsWindow.USER32 ref: 0000000140005817
Sleep.KERNEL32 ref: 0000000140005826
SystemParametersInfoW.USER32 ref: 000000014000583D
SystemParametersInfoW.USER32 ref: 000000014000585F

Part of subcall function 00000001400C9F1C: _errno.LIBCMT ref: 00000001400C9F4E
Part of subcall function 00000001400C9F1C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C9F59

malloc.LIBCMT ref: 00000001400058B0

Part of subcall function 00000001400C98F4: _FF_MSGBANNER.LIBCMT ref: 00000001400C9924
Part of subcall function 00000001400C98F4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CEC94,?,?,00000000,00000001400CE54D,?,?,?,00000001400CE5F7,?,?,00000000,00000001400CD9E5), ref: 00000001400C9949
Part of subcall function 00000001400C98F4: _callnewh.LIBCMT ref: 00000001400C9962
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C996D
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C9978

Strings

/restart, xrefs: 0000000140005433
Could not close the previous instance of this script. Keep waiting?, xrefs: 00000001400057E8
Clipboard, xrefs: 00000001400058E5, 0000000140005923
An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta, xrefs: 0000000140005755
=, xrefs: 0000000140005485
AutoHotkey, xrefs: 0000000140005725, 0000000140005792
A_Args, xrefs: 00000001400054F5, 00000001400055C9
/ErrorStdOut, xrefs: 000000014000546C
/force, xrefs: 0000000140005459
d, xrefs: 00000001400057E0

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window_errno$Sleep$FindInfoParametersSystem_invalid_parameter_noinfo$AllocateCriticalCurrentDirectoryErrorHeapInitializeMessageModePostSection_callnewhmallocwcsncpy
String ID: /ErrorStdOut$/force$/restart$=$A_Args$An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta$AutoHotkey$Clipboard$Could not close the previous instance of this script. Keep waiting?$d
API String ID: 1954826656-1873627173
Opcode ID: ae650afcf663256c217d6f629cef85cc4f32e63f2197e6f8d92b92c3da241540
Instruction ID: dd8eededd0c10b5e13e05dc8cc649975117e2db60f24090232c11ca2ab3db3f7
Opcode Fuzzy Hash: ae650afcf663256c217d6f629cef85cc4f32e63f2197e6f8d92b92c3da241540
Instruction Fuzzy Hash: BEF1AD71204A4185FA67EB27F8587EA23A1FB4EBC6F484125FB094B2B5EF39C845C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400027BB Relevance: 33.7, APIs: 18, Strings: 1, Instructions: 447windowthreadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001CCD
GetTickCount.KERNEL32 ref: 0000000140001D28
GetMessageW.USER32 ref: 0000000140001D6B
GetTickCount.KERNEL32 ref: 0000000140001D7A
ShowWindow.USER32 ref: 00000001400028D0
GetForegroundWindow.USER32(?,?,?,Unk,?,?,AutoHotkey v1.1.34.03,?,00000001400B40A9), ref: 0000000140002A33
GetWindowThreadProcessId.USER32 ref: 0000000140002A4A
GetClassNameW.USER32 ref: 0000000140002A6C
IsDialogMessageW.USER32 ref: 0000000140002AAE
SetCurrentDirectoryW.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.34.03,?,00000001400B40A9), ref: 0000000140002ADE
DragFinish.SHELL32 ref: 00000001400030F1
GetTickCount.KERNEL32 ref: 00000001400031BF
wcsncpy.LIBCMT ref: 00000001400031DE
wcsncpy.LIBCMT ref: 0000000140003203
wcsncpy.LIBCMT ref: 000000014000323D
GetTickCount.KERNEL32 ref: 0000000140003265

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Windowwcsncpy$Message$ClassCurrentDialogDirectoryDragFinishForegroundNameProcessShowThread
String ID: #32770
API String ID: 1745663375-463685578
Opcode ID: f5949c54027de412605dc906a45027951cb8263133aa0641fc060d3ba85630f2
Instruction ID: 9adcb7608e3b5912f6cae034f1bf1df785d91989489aa1dfc37f7aeb7c979a48
Opcode Fuzzy Hash: f5949c54027de412605dc906a45027951cb8263133aa0641fc060d3ba85630f2
Instruction Fuzzy Hash: 85229FB2604A908AFB67CF27A8543E937A5F74DBD8F144111EB9A47BB8DB34C881C710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000D360 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 150
sleepsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(?,?,?,?,00000004,0000000140020168,?,?,?,?,?,000000014001FFB7), ref: 000000014000D36F
PostThreadMessageW.USER32 ref: 000000014000D3C4
Sleep.KERNEL32(?,?,?,?,00000004,0000000140020168,?,?,?,?,?,000000014001FFB7), ref: 000000014000D3D1
GetTickCount.KERNEL32 ref: 000000014000D3E1
GetExitCodeThread.KERNEL32(?,?,?,?,00000004,0000000140020168,?,?,?,?,?,000000014001FFB7), ref: 000000014000D3FC
GetTickCount.KERNEL32 ref: 000000014000D40C
Sleep.KERNEL32 ref: 000000014000D41D
CloseHandle.KERNEL32 ref: 000000014000D42C
CreateMutexW.KERNEL32 ref: 000000014000D457
CloseHandle.KERNEL32 ref: 000000014000D472
CreateMutexW.KERNEL32 ref: 000000014000D499
CloseHandle.KERNEL32 ref: 000000014000D4B5
UnhookWindowsHookEx.USER32 ref: 000000014000D502
UnregisterHotKey.USER32(?,?,?,?,00000004,0000000140020168,?,?,?,?,?,000000014001FFB7), ref: 000000014000D551

Strings

Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 000000014000D4D0
AHK Keybd, xrefs: 000000014000D44C
AHK Mouse, xrefs: 000000014000D48E

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CloseHandle$CountCreateMessageMutexPostSleepThreadTick$CodeExitHookQuitUnhookUnregisterWindows
String ID: AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
API String ID: 880717225-3816831916
Opcode ID: 691ffeff69625a426eb0d226c6c55468b2f968fd44beca9c6dc36bbd7b36932a
Instruction ID: ee0c93e1d367b6bb37e8967a00d4704616e743b3a7cb3ba9a70038f16dc6b00d
Opcode Fuzzy Hash: 691ffeff69625a426eb0d226c6c55468b2f968fd44beca9c6dc36bbd7b36932a
Instruction Fuzzy Hash: 8F6115B5201A4486FB5ADF23B8543E973A1FB4CBD5F448126EF4A4B674DF78C845C260

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AE5E0 Relevance: 19.7, APIs: 13, Instructions: 164
windowlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32 ref: 00000001400AE613
EnumResourceNamesW.KERNEL32 ref: 00000001400AE67B
FindResourceW.KERNEL32 ref: 00000001400AE698
LoadResource.KERNEL32 ref: 00000001400AE6AD
LockResource.KERNEL32 ref: 00000001400AE6BF
GetSystemMetrics.USER32 ref: 00000001400AE6DF
FindResourceW.KERNEL32 ref: 00000001400AE755
LoadResource.KERNEL32 ref: 00000001400AE769
LockResource.KERNEL32 ref: 00000001400AE777
SizeofResource.KERNEL32 ref: 00000001400AE78B
CreateIconFromResourceEx.USER32 ref: 00000001400AE7AE
ExtractIconW.SHELL32 ref: 00000001400AE80A

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Resource$Load$FindIconLock$CreateEnumExtractFromLibraryMetricsNamesSizeofSystem
String ID:
API String ID: 1568753105-0
Opcode ID: bf5cf0eac0535dc4ee3ac285ce4af58add8c4ebb572dc0f4135059d6b1350614
Instruction ID: 5e67394c059790e078517ede2989fa006ef941fa1bf1ec2f2b7a670e7c686c54
Opcode Fuzzy Hash: bf5cf0eac0535dc4ee3ac285ce4af58add8c4ebb572dc0f4135059d6b1350614
Instruction Fuzzy Hash: A251B3353057D085EE668F13A9107FD6291BB6CBC4F488625EF4A47BA4DB3CC885DB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035686 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 468windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
malloc.LIBCMT ref: 0000000140035A71

Strings

Out of memory., xrefs: 0000000140035AC3
Memory limit reached (see #MaxMem in the help file)., xrefs: 00000001400358C2

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockmalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 425479435-457448710
Opcode ID: aea9631d8875eb1297522c51cbffe508ec115f1d45f45f1caf55fec94328e578
Instruction ID: 21452bfbd48cd9c2e257e9017a324c035cd6772a590aa016b7780e37c048e2bf
Opcode Fuzzy Hash: aea9631d8875eb1297522c51cbffe508ec115f1d45f45f1caf55fec94328e578
Instruction Fuzzy Hash: 8522A972604A4086FB67AB27E4503EA67A2F74DBE4F544216FB5A477F9DB38C881C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F7A0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 316
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.LIBCMT ref: 000000014001F7B9

Part of subcall function 00000001400C98F4: _FF_MSGBANNER.LIBCMT ref: 00000001400C9924
Part of subcall function 00000001400C98F4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CEC94,?,?,00000000,00000001400CE54D,?,?,?,00000001400CE5F7,?,?,00000000,00000001400CD9E5), ref: 00000001400C9949
Part of subcall function 00000001400C98F4: _callnewh.LIBCMT ref: 00000001400C9962
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C996D
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C9978

SetTimer.USER32 ref: 000000014001F817

Strings

Out of memory., xrefs: 000000014001FD17
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014001FA85

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _errno$AllocateHeapTimer_callnewhmalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2580226803-457448710
Opcode ID: 23dd054dbe13adb0c7d3c6965963c2ce4508e8a666d11ec448247c2af12b2528
Instruction ID: a6c0af6bf7abe16d19778c52d8ab339b6fa0f49596385cac15635f7498bfd594
Opcode Fuzzy Hash: 23dd054dbe13adb0c7d3c6965963c2ce4508e8a666d11ec448247c2af12b2528
Instruction Fuzzy Hash: A5F19A72204B8486FB169F22E8543E933A1F74CBD8F544526EF9A0B7B9CB79C491E350

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140020253 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 311timeCOMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNEL32 ref: 000000014002035C
GetSystemTimeAsFileTime.KERNEL32 ref: 0000000140020690

Strings

ErrorLevel, xrefs: 0000000140020400
Out of memory., xrefs: 00000001400206C9
Memory limit reached (see #MaxMem in the help file)., xrefs: 00000001400204A2

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Time$CurrentDirectoryFileSystem
String ID: ErrorLevel$Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2903961910-844184505
Opcode ID: 1497026fdaebaf35ad0501f899bf59664ccf56e71a0cdb74f9d9bb5819410455
Instruction ID: 5b0fb18adc7919b898192cef282c453b7b9ea4d0c0abf455b8ad9558cf9b6451
Opcode Fuzzy Hash: 1497026fdaebaf35ad0501f899bf59664ccf56e71a0cdb74f9d9bb5819410455
Instruction Fuzzy Hash: 9FD1CD72200B5082EB669F26E5543D963A1F78CBD8F44512AEF4E1B7BADF78C895C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034DB5 Relevance: 9.4, APIs: 6, Instructions: 360windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 945eb79057d4bc2af58e1f6f5208b6994f0e394522c1b83182543644be4699bb
Instruction ID: ab54de9211088e778ad962a925a2fe739a93cee7b7946e82926188be5526a882
Opcode Fuzzy Hash: 945eb79057d4bc2af58e1f6f5208b6994f0e394522c1b83182543644be4699bb
Instruction Fuzzy Hash: 46F1B032A006408AFBA79B67E4503EA63A1E78DBD4F584126FF554B7F9DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001FDB9 Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014001FDF9

Part of subcall function 000000014001F680: Shell_NotifyIconW.SHELL32 ref: 000000014001F76E

SetCurrentDirectoryW.KERNEL32 ref: 000000014001FE79
IsWindow.USER32 ref: 000000014002013D
DestroyWindow.USER32 ref: 000000014002015A

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$CurrentDestroyDirectoryIconNotifyShell_wcsncpy
String ID:
API String ID: 1905601840-0
Opcode ID: fc5c955b8cdfa3f8c3e97cd3fde9d0cb61e84d074daed185165f6c89b0e72734
Instruction ID: 859c4164af140e330fc3076a76c3de1e66f5393e354247a26859c03bf53cfab9
Opcode Fuzzy Hash: fc5c955b8cdfa3f8c3e97cd3fde9d0cb61e84d074daed185165f6c89b0e72734
Instruction Fuzzy Hash: 1DB19F36604B8486F72ADF26E8843DA77A1F78DF88F184119EB89077B6CB79C455C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AD4A0 Relevance: 6.1, APIs: 4, Instructions: 137fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE ref: 00000001400AD5AD
FindClose.KERNELBASE ref: 00000001400AD5C1
FindFirstFileW.KERNELBASE ref: 00000001400AD629
FindClose.KERNEL32 ref: 00000001400AD63C

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 732dd61e4d12536c05b6821fd2e6ff8c085cea335e567630bae68878e505d733
Instruction ID: 37cec6dd55ecfbab7f353d1eceec7038f952c6793465e49ef8df7e121af6198f
Opcode Fuzzy Hash: 732dd61e4d12536c05b6821fd2e6ff8c085cea335e567630bae68878e505d733
Instruction Fuzzy Hash: F851E032704B4091EA16CB2695043EE73A5FB59BE8F958316EB2E077E4EF78C44AC700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CE334 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00000001400CE34A
GetVersion.KERNEL32 ref: 00000001400CE35C
HeapSetInformation.KERNEL32 ref: 00000001400CE37A

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Heap$CreateInformationVersion
String ID:
API String ID: 3563531100-0
Opcode ID: 0816b556edb65991565eee222bea11b75c11fb24656a1b6e71d81aba35be9268
Instruction ID: 0044b7d238adde3a21c409b2c787aa6d60fd6ad8af2109c50f8f69663e0185d4
Opcode Fuzzy Hash: 0816b556edb65991565eee222bea11b75c11fb24656a1b6e71d81aba35be9268
Instruction Fuzzy Hash: 54E09274211780C2FB8A6B12A849BE92252BB8C780F908415FB0A03BB4DF3CC1468710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C9E Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 264
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Strings

Parameter #2 invalid., xrefs: 0000000140036DB2
Delete, xrefs: 0000000140036D80
Target label does not exist., xrefs: 0000000140036CD9
Parameter #1 must not be blank in this case., xrefs: 0000000140036D3C
Parameter #1 invalid., xrefs: 0000000140036D06

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Delete$Parameter #1 invalid.$Parameter #1 must not be blank in this case.$Parameter #2 invalid.$Target label does not exist.
API String ID: 1623861271-14243736
Opcode ID: 15040459d1c44710db68912ad4c2c039ddf161c32c4336535dad528f6a1d86fd
Instruction ID: 6aea9627b842c6d263896ed2a19b8cdf88f5ad23a9aa8e1476c8e6746f22eac1
Opcode Fuzzy Hash: 15040459d1c44710db68912ad4c2c039ddf161c32c4336535dad528f6a1d86fd
Instruction Fuzzy Hash: FBD1AC71600A4085FB6BCB2BE8447EA27A1F74DBD4F948116FB59876F9DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002A02 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 237threadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,Unk,?,?,AutoHotkey v1.1.34.03,?,00000001400B40A9), ref: 0000000140002A33
GetWindowThreadProcessId.USER32 ref: 0000000140002A4A
GetClassNameW.USER32 ref: 0000000140002A6C
IsDialogMessageW.USER32 ref: 0000000140002AAE
SetCurrentDirectoryW.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.34.03,?,00000001400B40A9), ref: 0000000140002ADE
DragFinish.SHELL32 ref: 00000001400030F1

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$ClassCurrentDialogDirectoryDragFinishForegroundMessageNameProcessThread
String ID: #32770
API String ID: 3456408793-463685578
Opcode ID: b5672df83f177aaf4d94880354b03927eb7155668d4e00c68f2fb1ead74e363d
Instruction ID: 1686ce99f4c2e6cee467174094901f2ef30cab2696115316d21a9a40ebbe9c09
Opcode Fuzzy Hash: b5672df83f177aaf4d94880354b03927eb7155668d4e00c68f2fb1ead74e363d
Instruction Fuzzy Hash: D1C13872205B8186EB67CF27A8543E937A5F74DBD4F144126EB5A4BBB4DB38C881C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CCBE4 Relevance: 18.1, APIs: 12, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStartupInfoW.KERNEL32 ref: 00000001400CCBF6
_FF_MSGBANNER.LIBCMT ref: 00000001400CCC61
_FF_MSGBANNER.LIBCMT ref: 00000001400CCC8C
_RTC_Initialize.LIBCMT ref: 00000001400CCCA5
_amsg_exit.LIBCMT ref: 00000001400CCCB9
GetCommandLineW.KERNEL32 ref: 00000001400CCCBE
__wsetargv.LIBCMT ref: 00000001400CCCD7
_amsg_exit.LIBCMT ref: 00000001400CCCE5
_amsg_exit.LIBCMT ref: 00000001400CCCF8
_cinit.LIBCMT ref: 00000001400CCD02
_amsg_exit.LIBCMT ref: 00000001400CCD0D
_wwincmdln.LIBCMT ref: 00000001400CCD12

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _amsg_exit$CommandInfoInitializeLineStartup__wsetargv_cinit_wwincmdln
String ID:
API String ID: 697445056-0
Opcode ID: 70a88b387871dd31a161cfc8adbb81b69329148ee2148796033b70159f3a641d
Instruction ID: 5994fa0aa8a60b7263b3bec36d07affc534686b16c36f07f67a9b5f99dc989f2
Opcode Fuzzy Hash: 70a88b387871dd31a161cfc8adbb81b69329148ee2148796033b70159f3a641d
Instruction Fuzzy Hash: 9A41803061838186FB6FABA7E5957ED2191AB9C7C4F044039F70A872F3EF78C8858611

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FEC Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 237
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400C9AC4: _errno.LIBCMT ref: 00000001400C9AE2
Part of subcall function 00000001400C9AC4: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C9AED

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
_swprintf.LIBCMT ref: 00000001400380CF

Strings

%%%s%s%s, xrefs: 00000001400380C8
Integer, xrefs: 00000001400380DF
Float, xrefs: 0000000140037FF2

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo_swprintf
String ID: %%%s%s%s$Float$Integer
API String ID: 1431326264-2931010843
Opcode ID: b8684ffbea4a2bcb1a2132e051705b0d803992dafd313e705eee443d3c59072a
Instruction ID: 061f56755a61f1eae64034c3dec6e44dcfc4cd3d8810dc016e1101b95d6c11e4
Opcode Fuzzy Hash: b8684ffbea4a2bcb1a2132e051705b0d803992dafd313e705eee443d3c59072a
Instruction Fuzzy Hash: 38B18C71204B4085EB6B8B2BE8547EA77A1B74DBD4F904126FB6A877F5DB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400379A1 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 224
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetLastError.KERNEL32 ref: 0000000140037A49

Strings

Press OK to continue., xrefs: 00000001400379E6
Parameter #1 invalid., xrefs: 0000000140037A5D

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseErrorGlobalLastMessagePeekUnlock
String ID: Parameter #1 invalid.$Press OK to continue.
API String ID: 2934963523-108709617
Opcode ID: bca13ae7be15446951fca518aaf92d5ba8dcbb04a36106a853bb4108aff51f72
Instruction ID: cb63a26e0b780496296e5b5f43265a320e6c5d0305ebe14b8a5e0f269d51381c
Opcode Fuzzy Hash: bca13ae7be15446951fca518aaf92d5ba8dcbb04a36106a853bb4108aff51f72
Instruction Fuzzy Hash: CCB17E72604B4086FB678B27E8507EA67A1E78DBD4F544216FB6A476F9CB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038682 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 233
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Strings

%s\%s, xrefs: 00000001400386AA
ahk_default, xrefs: 0000000140038750

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: %s\%s$ahk_default
API String ID: 1623861271-75935552
Opcode ID: 3315e8d2f92fcceab09eeb666790f5f1347905ab0e05203c8667429a8828c4fc
Instruction ID: c4c1b6c3174e26563994b3d865493565911ca4790d29567b0c81689ce5380085
Opcode Fuzzy Hash: 3315e8d2f92fcceab09eeb666790f5f1347905ab0e05203c8667429a8828c4fc
Instruction Fuzzy Hash: 90B16972604B4086EB67CB27E8447EA67A1F74DBD4F944126FB6A476F9CB38C481C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400360FD Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 181
windowtimeclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
SendMessageTimeoutW.USER32 ref: 000000014003612C

Strings

Environment, xrefs: 0000000140036119

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID: Environment
API String ID: 3716859204-3233436149
Opcode ID: 7295ac9671a1e467c4b06784b7fe6cf83e763b82d1c4f46bbb01d4fbf4ee4fb8
Instruction ID: 8d6aef12bdef55169265ca319fe9be65f3c0bb79da459d72335fbc30a631e11e
Opcode Fuzzy Hash: 7295ac9671a1e467c4b06784b7fe6cf83e763b82d1c4f46bbb01d4fbf4ee4fb8
Instruction Fuzzy Hash: 9E917C72604B408AEB678B27E8543EA77A1F74DBD4F544116FB6A476F8CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140080E60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFullPathNameW.KERNEL32 ref: 0000000140080EC8
GetFullPathNameW.KERNEL32 ref: 0000000140080F0B
GetFileAttributesW.KERNEL32 ref: 0000000140080F49

Strings

\*.*, xrefs: 000000014008103A
\, xrefs: 0000000140080EE6
:, xrefs: 0000000140080FA7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: FullNamePath$AttributesFile
String ID: :$\$\*.*
API String ID: 2214166259-1634566093
Opcode ID: 39c2249281cb4e307a955e9384a54823a4805408a13b70aad8ad057d11510539
Instruction ID: 5011ce6003745c5f92050821b9696668e7917299025273b322591a0087d70ff8
Opcode Fuzzy Hash: 39c2249281cb4e307a955e9384a54823a4805408a13b70aad8ad057d11510539
Instruction Fuzzy Hash: 7571A93360568086EBB2CB75A4003EA73E5FB883A4F544315F7A947AF9DB78C685CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033314 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 352windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5

Strings

Jumps cannot exit a FINALLY block., xrefs: 000000014003897C

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ClipboardCloseCountGlobalMessagePeekTickUnlock
String ID: Jumps cannot exit a FINALLY block.
API String ID: 1792675829-672026804
Opcode ID: 561c9a7c3bbf41a098bed5b30bd29d174557c61a7729254925bc42d9d71ca345
Instruction ID: 7f10036c9cc37f1e85590b185cea7d833e599f5ec156f45a0384eeab0af7100a
Opcode Fuzzy Hash: 561c9a7c3bbf41a098bed5b30bd29d174557c61a7729254925bc42d9d71ca345
Instruction Fuzzy Hash: 13027632604B408AEB6B8B67E4803EE67A1F74DBD4F544126EF9A477B5DB38D981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032E71 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 224
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400C986C: _errno.LIBCMT ref: 00000001400C9884
Part of subcall function 00000001400C986C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C988F

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Strings

CSV, xrefs: 0000000140032E71

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: CSV
API String ID: 130734711-2651001053
Opcode ID: c228477b7f7de7c55d3ba58e68037d479de28af02d476a85cdc4ebbdcd27bc7e
Instruction ID: dc10c5fa5826e41cddfddf06ccbc60d2646d2709f371a428c41325e297037f2d
Opcode Fuzzy Hash: c228477b7f7de7c55d3ba58e68037d479de28af02d476a85cdc4ebbdcd27bc7e
Instruction Fuzzy Hash: BCB15C72604B448AEB678B6BE4903EA77A1F74DBD4F504116FB9987BB8DB38C481C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036F61 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 218windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Strings

Target label does not exist., xrefs: 0000000140036FBF

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Target label does not exist.
API String ID: 1623861271-2507343300
Opcode ID: 8c1b8220d21903e3e0e86c0397e21edfa0c202d24dbc1b3600f86441994a0cf9
Instruction ID: 6291b6f94d6353b228798434c265f17630c1ef41249e4fea711c3079aa1d7ac4
Opcode Fuzzy Hash: 8c1b8220d21903e3e0e86c0397e21edfa0c202d24dbc1b3600f86441994a0cf9
Instruction Fuzzy Hash: C1B17A72204B4485FB6B8B2BE8547EA67A1F74DBE4F544116EBA9477F8DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036683 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Strings

Parameter #4 invalid., xrefs: 00000001400366A1

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #4 invalid.
API String ID: 1623861271-2921795276
Opcode ID: e60f1e241d85f3ca73832605bc5f23f8bea69aaaa2d7afc9b38768b71d785a0a
Instruction ID: 70596d9009565eb01a0ceca36ec28d3e148e86007aca9024dfd70dfa4a97d8df
Opcode Fuzzy Hash: e60f1e241d85f3ca73832605bc5f23f8bea69aaaa2d7afc9b38768b71d785a0a
Instruction Fuzzy Hash: 87A14972204B4486EB678B2BE8547EA67A1F78DBD4F504116FBAA477F9DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003824B Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 195windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Strings

Parameter #1 invalid., xrefs: 00000001400387F8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: ff0f0399a1ec3aec6cbf05803d4653c119bdd6a87fecf0d14daa76df8059c98f
Instruction ID: 6decdd80d6993b42f21f16bbb5c9f020c1df0af37040caf091929099d10dc1fb
Opcode Fuzzy Hash: ff0f0399a1ec3aec6cbf05803d4653c119bdd6a87fecf0d14daa76df8059c98f
Instruction Fuzzy Hash: C2915B72604B408AFB678B2BE8543EA67A1F74DBD4F544116FB6A476F9CB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C29 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Strings

Target label does not exist., xrefs: 0000000140036C4F

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Target label does not exist.
API String ID: 1623861271-2507343300
Opcode ID: 2ae4a0e1a5ca341105cd7edd269f898309786633845dc37b16afee76a84bbee3
Instruction ID: d1c5810a5e4b3c52e67edff7694ab8928db8c111530e940f89fd677265cfc6d5
Opcode Fuzzy Hash: 2ae4a0e1a5ca341105cd7edd269f898309786633845dc37b16afee76a84bbee3
Instruction Fuzzy Hash: E1916B72604B4086EB6B9B2BE8943EA77A1F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400373AE Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Part of subcall function 00000001400C986C: _errno.LIBCMT ref: 00000001400C9884
Part of subcall function 00000001400C986C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C988F

Strings

wait, xrefs: 00000001400373BB

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: wait
API String ID: 130734711-2112783333
Opcode ID: 9c59289a01d2590ead8cba9a31abccf6247afe123a0e4cfd36b6611e4edcbe20
Instruction ID: 86e6084e31e5676e9668fa010a65d272b8f23fae0942c397d5b149d878d2717d
Opcode Fuzzy Hash: 9c59289a01d2590ead8cba9a31abccf6247afe123a0e4cfd36b6611e4edcbe20
Instruction Fuzzy Hash: B1918D72204A4086FB678B27E8943EA67A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037F74 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Strings

Parameter #1 invalid., xrefs: 00000001400387F8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: d26bc31c92d9e547ee6f309e3f73b1d8d861845ab097dc8563fc4d514af778a9
Instruction ID: 71e6888bc6d91c0d22c29272f9b31c2637318ecef0f6e6388af1bbefbd377dd7
Opcode Fuzzy Hash: d26bc31c92d9e547ee6f309e3f73b1d8d861845ab097dc8563fc4d514af778a9
Instruction Fuzzy Hash: 45915C72604A4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003879E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Strings

Parameter #1 invalid., xrefs: 00000001400387F8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: ffef770461783774e5bbe169fac88499df9319bd233c72d3fc3def7d0df218f7
Instruction ID: 8a0fcb581157381abfbc7296d17daccef71f0693c918881cd7b1de6799dd7ad4
Opcode Fuzzy Hash: ffef770461783774e5bbe169fac88499df9319bd233c72d3fc3def7d0df218f7
Instruction Fuzzy Hash: 62916D72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400387E7 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Strings

Parameter #1 invalid., xrefs: 00000001400387F8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: Parameter #1 invalid.
API String ID: 1623861271-1208927624
Opcode ID: dff88965800a727c5990cc913f15cba609a38ce1e021a4e453d68581564ba74a
Instruction ID: 00c2cb68e71bf1f7e51687eb9ccaf0a78ae2c9bbdf2c2f6c25a8f50393a005a3
Opcode Fuzzy Hash: dff88965800a727c5990cc913f15cba609a38ce1e021a4e453d68581564ba74a
Instruction Fuzzy Hash: 1B915C72604B4086EB679B2BE8943EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037C12 Relevance: 12.2, APIs: 8, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
IsWindow.USER32 ref: 0000000140037C1E
DestroyWindow.USER32 ref: 0000000140037C2F

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseDestroyGlobalMessagePeekUnlock
String ID:
API String ID: 2997888913-0
Opcode ID: d468257893893d42394ecfaf9ab33bd3ec01df53995d9215efebe94a6cba18b4
Instruction ID: 06d94487a9fe5bb1857a046f5022ff9328105a893332ae8eafb33d59bb21b96f
Opcode Fuzzy Hash: d468257893893d42394ecfaf9ab33bd3ec01df53995d9215efebe94a6cba18b4
Instruction Fuzzy Hash: 44916B72600B4486EB6B8B27E8543EA77A2F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032F2D Relevance: 10.8, APIs: 7, Instructions: 260clipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
GetCPInfo.KERNEL32 ref: 0000000140032F79

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ClipboardCloseCountGlobalInfoTickUnlock
String ID:
API String ID: 3668674636-0
Opcode ID: 33bb54c7d427e422cb09bd2acc705329037b4415f48b749c9547c5fe0a481e6c
Instruction ID: 397a880e6f296bbc1f12a40d719d88740c55515b1ac29f296036d56a24f2cdc6
Opcode Fuzzy Hash: 33bb54c7d427e422cb09bd2acc705329037b4415f48b749c9547c5fe0a481e6c
Instruction Fuzzy Hash: 46D14B72600B8489EB778F26E8907DA77A1F74DB94F504216EB694BBF8DB38C581C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400331C6 Relevance: 10.7, APIs: 7, Instructions: 230registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
RegCloseKey.ADVAPI32 ref: 000000014003326D

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
String ID:
API String ID: 4107439908-0
Opcode ID: 719c12cb9adea9a375ae288de076c3e5229c845b7ccf47c00d56c9c62ed21f1b
Instruction ID: 84873feb19c15d26d9e19a6224174e2ee08982b9bf22e502baabe99be720b3a8
Opcode Fuzzy Hash: 719c12cb9adea9a375ae288de076c3e5229c845b7ccf47c00d56c9c62ed21f1b
Instruction Fuzzy Hash: 98B16C72604B448AEB678B6BE8903EA77A1F74DBD4F504116EB5A47BB8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400385B7 Relevance: 10.7, APIs: 7, Instructions: 217registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
RegCloseKey.ADVAPI32 ref: 00000001400385A8

Part of subcall function 00000001400A8F70: RegCreateKeyExW.ADVAPI32 ref: 00000001400A8FEC
Part of subcall function 00000001400A8F70: RegCloseKey.ADVAPI32 ref: 00000001400A92C5
Part of subcall function 00000001400A8F70: GetLastError.KERNEL32 ref: 00000001400A92D4

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Close$CountTick$ClipboardCreateErrorGlobalLastMessagePeekUnlock
String ID:
API String ID: 2674141723-0
Opcode ID: 190d94947b4fedb057dd20c6e050789cf525fa301817514bd3f294397ea3c890
Instruction ID: e3deca5fe8b7128716d6cf662bd1f29500e55feecc959e885e34114aad313c7b
Opcode Fuzzy Hash: 190d94947b4fedb057dd20c6e050789cf525fa301817514bd3f294397ea3c890
Instruction Fuzzy Hash: E5B14772604B4086EB6B8B27E8947EA77A1F74DBD4F544116EBAA477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038515 Relevance: 10.7, APIs: 7, Instructions: 203registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
RegCloseKey.ADVAPI32 ref: 00000001400385A8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
String ID:
API String ID: 4107439908-0
Opcode ID: 230c5ca6e516182274a610d1ab019b10a9a31d1762d112a38ee0bf363c47b732
Instruction ID: c46156ec96217f9167ba354e42885b254d1cf61f5b34b16ae00f9724c83f73dc
Opcode Fuzzy Hash: 230c5ca6e516182274a610d1ab019b10a9a31d1762d112a38ee0bf363c47b732
Instruction Fuzzy Hash: A7A18972600B4086EB6B8B6BE8947EA77A1F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037556 Relevance: 10.7, APIs: 7, Instructions: 198filewindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
MoveFileW.KERNEL32 ref: 0000000140037579

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseFileGlobalMessageMovePeekUnlock
String ID:
API String ID: 1818255640-0
Opcode ID: b89139bbd1526d72c8e0439bb6ab743a93f96f8b1fedc2cf7fc6dca846bbfb40
Instruction ID: 25a9c94d8924dba4c97b4f78db3db2f5aa95f36a2e0d87645232472f900f2bb2
Opcode Fuzzy Hash: b89139bbd1526d72c8e0439bb6ab743a93f96f8b1fedc2cf7fc6dca846bbfb40
Instruction Fuzzy Hash: 23A15C72604B4086EB6B9B2BE8947EA77A1F74DBD0F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003734C Relevance: 10.7, APIs: 7, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
Beep.KERNEL32 ref: 00000001400373A3

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$BeepClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 3141429382-0
Opcode ID: 8433ba2026ae7cc2509999811a42026e9353b941b4f0b8e9c4c82d6891bc3aae
Instruction ID: b116ebe7a77d1d7462ffbbad3995a8e124a34a82f1e6de9f0c1fc81788d9f087
Opcode Fuzzy Hash: 8433ba2026ae7cc2509999811a42026e9353b941b4f0b8e9c4c82d6891bc3aae
Instruction Fuzzy Hash: 25916E72600A4486FB6B9B2BE8543EA77A1F74DBD0F544116FB6A876F5CB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A99 Relevance: 10.7, APIs: 7, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400678C0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,0000000140048892), ref: 00000001400678F3
Part of subcall function 00000001400678C0: IsWindowVisible.USER32 ref: 0000000140067914

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
SetWindowTextW.USER32 ref: 0000000140036AC7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTickWindow$ClipboardCloseForegroundGlobalMessagePeekTextUnlockVisible
String ID:
API String ID: 1043259673-0
Opcode ID: d7d74bfb06cdff1052d9f1972af57d0f8b9f3785508e3ffffc5684e2d589a9d3
Instruction ID: 407fc42bf9c84bc1a670589c8cec3cd03bf36d806948dc0c694cd07d46e1d877
Opcode Fuzzy Hash: d7d74bfb06cdff1052d9f1972af57d0f8b9f3785508e3ffffc5684e2d589a9d3
Instruction Fuzzy Hash: 30917A72604B4086EB6B8B27E8543EA77A2F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037484 Relevance: 10.7, APIs: 7, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
SHEmptyRecycleBinW.SHELL32 ref: 000000014003749C

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseEmptyGlobalMessagePeekRecycleUnlock
String ID:
API String ID: 2387848762-0
Opcode ID: 7745e7d4e99cfaec00e63f0aec3c4a6c2b8e6e1b1a703cf6d0a49a303e34ae47
Instruction ID: 66d6976f60aa9b0363a9b132fdba440554b6c927ad5c480b7067aab50ca62e8e
Opcode Fuzzy Hash: 7745e7d4e99cfaec00e63f0aec3c4a6c2b8e6e1b1a703cf6d0a49a303e34ae47
Instruction Fuzzy Hash: 44916D72604B4086EB6B9B27E8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400375DA Relevance: 10.7, APIs: 7, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140064C20: GetFileAttributesW.KERNELBASE ref: 0000000140064C4E
Part of subcall function 0000000140064C20: SetLastError.KERNEL32 ref: 0000000140064C60

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
GetLastError.KERNEL32 ref: 00000001400375EE

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ErrorLast$AttributesClipboardCloseFileGlobalMessagePeekUnlock
String ID:
API String ID: 3508199841-0
Opcode ID: c71ce566e1d91bb1abc311c352e7d0d25b4c18a6ae30bf797bd03c6827f3adc0
Instruction ID: 1cc576623d13ba16597448e00bacd0ed29b2628030c199559f57493d9121099e
Opcode Fuzzy Hash: c71ce566e1d91bb1abc311c352e7d0d25b4c18a6ae30bf797bd03c6827f3adc0
Instruction Fuzzy Hash: A0916A72604B4086EB6B9B2BE8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400360D5 Relevance: 10.7, APIs: 7, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
SetEnvironmentVariableW.KERNEL32 ref: 00000001400360E3

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseEnvironmentGlobalMessagePeekUnlockVariable
String ID:
API String ID: 2791281230-0
Opcode ID: 69db08524d877ca4a203d4131316ffbcf4264c428335cf9130b462dc11de4ba1
Instruction ID: 9368494d4ef6718d14e071362f3a9a1bae5c800bcf7089c088ffcb81cb3e318d
Opcode Fuzzy Hash: 69db08524d877ca4a203d4131316ffbcf4264c428335cf9130b462dc11de4ba1
Instruction Fuzzy Hash: 08914C72604B4086EB6B9B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400383A3 Relevance: 10.7, APIs: 7, Instructions: 167keyboardwindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
BlockInput.USER32 ref: 00000001400383AA

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$BlockClipboardCloseGlobalInputMessagePeekUnlock
String ID:
API String ID: 3677732381-0
Opcode ID: b4332d581cf991dd7661b7049c4efd5ffdc308877da2b7da3e4afa10a8667f49
Instruction ID: 0f3842e126576e93e49fcce0345c8c3317d1d65f4670e08ca70ae8daaa6f445b
Opcode Fuzzy Hash: b4332d581cf991dd7661b7049c4efd5ffdc308877da2b7da3e4afa10a8667f49
Instruction Fuzzy Hash: E8817D72600B4086EB6B9B2BE8543EA77A2F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400383BB Relevance: 10.7, APIs: 7, Instructions: 167keyboardwindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
BlockInput.USER32 ref: 00000001400383BD

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$BlockClipboardCloseGlobalInputMessagePeekUnlock
String ID:
API String ID: 3677732381-0
Opcode ID: fbe9cd3316ec21733e7d89cb28343299ba8a61f5253220bd0d068a099a52897e
Instruction ID: 9f9784021859e4af3b3c380a808a709c87fd096ed58e53fa6d6b2b622caa3f67
Opcode Fuzzy Hash: fbe9cd3316ec21733e7d89cb28343299ba8a61f5253220bd0d068a099a52897e
Instruction Fuzzy Hash: 66817E72600B4086EB6B9B27E8543EA77A2F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400387B7 Relevance: 10.7, APIs: 7, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7
OutputDebugStringW.KERNEL32 ref: 00000001400387BE

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseDebugGlobalMessageOutputPeekStringUnlock
String ID:
API String ID: 1875564215-0
Opcode ID: 479ceb098433f222bc6254424d26e7af6254de9a317c9f84a1bd60b848d5e4c9
Instruction ID: 37861e81c452b9518b143af0734b0ef5fb4c7e801dfc2821a7f4900eb586ac62
Opcode Fuzzy Hash: 479ceb098433f222bc6254424d26e7af6254de9a317c9f84a1bd60b848d5e4c9
Instruction Fuzzy Hash: DE816D72600B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C9D2C Relevance: 10.6, APIs: 7, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

_lock.LIBCMT ref: 00000001400C9D55

Part of subcall function 00000001400CE5D4: _amsg_exit.LIBCMT ref: 00000001400CE5FE

DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9F19,?,?,00000000,00000001400CE603,?,?,00000000,00000001400CD9E5), ref: 00000001400C9D88
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9F19,?,?,00000000,00000001400CE603,?,?,00000000,00000001400CD9E5), ref: 00000001400C9DA6
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9F19,?,?,00000000,00000001400CE603,?,?,00000000,00000001400CD9E5), ref: 00000001400C9DE6
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9F19,?,?,00000000,00000001400CE603,?,?,00000000,00000001400CD9E5), ref: 00000001400C9E00
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9F19,?,?,00000000,00000001400CE603,?,?,00000000,00000001400CD9E5), ref: 00000001400C9E10
ExitProcess.KERNEL32 ref: 00000001400C9E9C

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: DecodePointer$ExitProcess_amsg_exit_lock
String ID:
API String ID: 3411037476-0
Opcode ID: 682e7c4c9f31b62f499d660a4a7c3cbab8bc55fc4893b5d70249ca22e9bc3579
Instruction ID: 431df7aedf8a09deb762b587ea3cd228e0d713eb8d84ad3723387e87d662f575
Opcode Fuzzy Hash: 682e7c4c9f31b62f499d660a4a7c3cbab8bc55fc4893b5d70249ca22e9bc3579
Instruction Fuzzy Hash: 4E41293121AB8081EA5A9F13F8483A972A5FB9CBD4F148025FB8E477B5EF78C456C711

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140020810 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32 ref: 0000000140020852
SizeofResource.KERNEL32 ref: 0000000140020869
LoadResource.KERNEL32 ref: 0000000140020880
LockResource.KERNEL32 ref: 0000000140020892

Part of subcall function 00000001400CAFB0: malloc.LIBCMT ref: 00000001400CAFCA

Part of subcall function 000000014001E4B0: GetCPInfo.KERNEL32 ref: 000000014001E4F1

Strings

Could not extract script from EXE., xrefs: 0000000140020918
>AUTOHOTKEY SCRIPT<, xrefs: 000000014002082D

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Resource$FindInfoLoadLockSizeofmalloc
String ID: >AUTOHOTKEY SCRIPT<$Could not extract script from EXE.
API String ID: 3366556718-1775548002
Opcode ID: f73f361428da554404e11a9a454f27ea623f9d261b8b9ef484fed1e2ec94c43d
Instruction ID: f0aad923bcce4ac5a6d1ad4f0f86a6197a1bc3d56886bf0c70e666c9a9d1aa79
Opcode Fuzzy Hash: f73f361428da554404e11a9a454f27ea623f9d261b8b9ef484fed1e2ec94c43d
Instruction Fuzzy Hash: B8318B35304B4181FB568B53E4043AAA7A0FB4CBD4F488029AF8D0BBAADF3CC545CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000274F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64threadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,Unk,?,?,AutoHotkey v1.1.34.03,?,00000001400B40A9), ref: 0000000140002A33
GetWindowThreadProcessId.USER32 ref: 0000000140002A4A
GetClassNameW.USER32 ref: 0000000140002A6C
IsDialogMessageW.USER32 ref: 0000000140002AAE
SetCurrentDirectoryW.KERNEL32(?,?,?,Unk,?,?,AutoHotkey v1.1.34.03,?,00000001400B40A9), ref: 0000000140002ADE

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$ClassCurrentDialogDirectoryForegroundMessageNameProcessThread
String ID: #32770
API String ID: 2633243691-463685578
Opcode ID: c0d466640634422e8d88aa0a6381f22326dfc4dee6434734a0e2cbca9e7ef773
Instruction ID: 653ff47d109f8b38221a5fad1675112a00a1d472a14d16cbf21ae06272d5dcbe
Opcode Fuzzy Hash: c0d466640634422e8d88aa0a6381f22326dfc4dee6434734a0e2cbca9e7ef773
Instruction Fuzzy Hash: A43128B120978982FA6BCF17E8583E83791A74DBD4F084026EB0A573B4DF78D586C711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400322D0 Relevance: 9.3, APIs: 6, Instructions: 309windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 60ca621b781104d7c4b132eb2a638b2513b3fc7353f07d92047c6c8aeb861f4e
Instruction ID: eb38722b66658d01a4112d18e2748212ef6661d198a74f4463a9ec779d1762b2
Opcode Fuzzy Hash: 60ca621b781104d7c4b132eb2a638b2513b3fc7353f07d92047c6c8aeb861f4e
Instruction Fuzzy Hash: 22E19A32604B8089EB67CB6AE8443EA77A1F74DBE4F544226EF99477B5DB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370FA Relevance: 9.3, APIs: 6, Instructions: 270windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e4633538d3e02e8fb5cc716dc2e3f7e7b5d2de946f601308e6ce2e7729a22fc1
Instruction ID: 93df3a886b6f82453f8e0afab4c49f615d99c87bf9f28b5222db8b83427aa68c
Opcode Fuzzy Hash: e4633538d3e02e8fb5cc716dc2e3f7e7b5d2de946f601308e6ce2e7729a22fc1
Instruction Fuzzy Hash: D2C17032604B4486EB679B2BE4907EA77A2B78DBD0F544216FB5A477F5CB38C881C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037A7C Relevance: 9.2, APIs: 6, Instructions: 234windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ClipboardCloseCountGlobalMessagePeekTickUnlock
String ID:
API String ID: 1792675829-0
Opcode ID: ad8090843782830ac102bb8591cb6546dd881ab65d9a2f446004563fc0946197
Instruction ID: 185ac37b67707229f4705da5afabfbdd3c79a85658a6db57f3a9baf2163377a9
Opcode Fuzzy Hash: ad8090843782830ac102bb8591cb6546dd881ab65d9a2f446004563fc0946197
Instruction Fuzzy Hash: 4EC14772604B4486EB679B2BE8507EA77A1F78DBD0F504116EB5A4B7F9DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036EA5 Relevance: 9.2, APIs: 6, Instructions: 208windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7daae3bbfe2656edc3440fedd0ebc17aefcdf0eccb84622be277cd3f6026c047
Instruction ID: 0b4dac125b1ad67060eecffbf7088b3cb5c58a60fb87701a7d26085cfe2b98da
Opcode Fuzzy Hash: 7daae3bbfe2656edc3440fedd0ebc17aefcdf0eccb84622be277cd3f6026c047
Instruction Fuzzy Hash: 35A15C72600A4086EB6B9B2BE4543EA77A1F74DBD4F544116FB6A4B7F5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035BA2 Relevance: 9.2, APIs: 6, Instructions: 205windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400536A0: GetForegroundWindow.USER32 ref: 00000001400537E9
Part of subcall function 00000001400536A0: IsIconic.USER32 ref: 00000001400537FA
Part of subcall function 00000001400536A0: GetWindowRect.USER32 ref: 000000014005380F

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseForegroundGlobalIconicMessagePeekRectUnlock
String ID:
API String ID: 1613694844-0
Opcode ID: 13c631178269cba8a507aaec7c42fe60593e6e78718572eb9b7737abe8e505db
Instruction ID: e77e3cf3c686a5ee96b0d35c34fadfada367f514c9f1c4bf888e434bea6bb752
Opcode Fuzzy Hash: 13c631178269cba8a507aaec7c42fe60593e6e78718572eb9b7737abe8e505db
Instruction Fuzzy Hash: 88A15C72604A408AEB679B27E4543EA77A1F74DBD4F544116FB6987BF9CB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032DB8 Relevance: 9.2, APIs: 6, Instructions: 203windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8e92c2f0597b62b4faaf404cda46a47742f53bf9e717b9137e48675b316fc839
Instruction ID: c4074f1aef120996afd8e074ea4e0cb467dc84a8264f663705672889804f5aa7
Opcode Fuzzy Hash: 8e92c2f0597b62b4faaf404cda46a47742f53bf9e717b9137e48675b316fc839
Instruction Fuzzy Hash: 4CA17F72604B448AEB678B67E4903EA77A1F74DBD4F544116EBAA47BF8DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003282B Relevance: 9.2, APIs: 6, Instructions: 199windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 311da70664323771c15349ee0219bd50cf53e74a251c9de3ccdc7ac0ce9cd9eb
Instruction ID: 0b5a6562b7958a333828f664329ce175df2ccd2aa76877700b26c345315748b6
Opcode Fuzzy Hash: 311da70664323771c15349ee0219bd50cf53e74a251c9de3ccdc7ac0ce9cd9eb
Instruction Fuzzy Hash: 1FA17D72600B4485EB6B8B2BE8543EA77A1FB4DBE4F544125EBAA477F4DB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032DCB Relevance: 9.2, APIs: 6, Instructions: 199windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f8955b97fa07d930bda3fd2af5a67a6c1779c55707eb75b8fe425b90107a84cc
Instruction ID: 2114b3c8cc53183b10ed3baa580dee0acde5bb8833df5387d044c80dc1666353
Opcode Fuzzy Hash: f8955b97fa07d930bda3fd2af5a67a6c1779c55707eb75b8fe425b90107a84cc
Instruction Fuzzy Hash: FAA17F72604B448AEB678B6BE4903EA77A1F74DBD4F544116EBAA477F8DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037058 Relevance: 9.2, APIs: 6, Instructions: 198windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Part of subcall function 00000001400C986C: _errno.LIBCMT ref: 00000001400C9884
Part of subcall function 00000001400C986C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C988F

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID:
API String ID: 130734711-0
Opcode ID: 4f826e84d4752c83cbf00fb19eae188459a642d3719fe83d5edf6e2888a4b56e
Instruction ID: bc8471bc7b9a8f4e81362acec51e1966cebf3d594b72b05cd0538ed0f6e59929
Opcode Fuzzy Hash: 4f826e84d4752c83cbf00fb19eae188459a642d3719fe83d5edf6e2888a4b56e
Instruction Fuzzy Hash: 8AA19C32600B4085FB6B9B2BE8543EA67A2F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037916 Relevance: 9.2, APIs: 6, Instructions: 197windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Part of subcall function 0000000140056DC0: SendMessageW.USER32(?,0000000140037911), ref: 0000000140056F69

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountMessageTick$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 38145316-0
Opcode ID: 8e8f0dae052dfa317fd487e633e83902ebd8c65890353130b7e66dc273469bea
Instruction ID: 208f76c2936a5c6eb0eda6e793137fe5459728f9d78fb93b1abd91b05f14010a
Opcode Fuzzy Hash: 8e8f0dae052dfa317fd487e633e83902ebd8c65890353130b7e66dc273469bea
Instruction Fuzzy Hash: E6A16D72604A4086EB6B8B27E4943EA77A1F74DBD4F544116FB6A876F5CB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032E3D Relevance: 9.2, APIs: 6, Instructions: 195windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e81a1d09267861deb680743a1970019c35ca2d29e0db0ee9586c0db81ce99fb9
Instruction ID: dec41107d4e95333bd2b404fb9695a36dde52d22d7ea863d155c56e14acee22a
Opcode Fuzzy Hash: e81a1d09267861deb680743a1970019c35ca2d29e0db0ee9586c0db81ce99fb9
Instruction Fuzzy Hash: 68A17F72600B448AEB678B6BE4943EA77A1F74DBD4F544116EB6A477F8DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032E0E Relevance: 9.2, APIs: 6, Instructions: 194windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a6acde2c1bb1f6d4dd27f6bfd248a2174346e03e147bb8e4214224a3f62e7031
Instruction ID: db1f4416a3e0f5f75e6dfe4a0a90ec1ad4e886e8f14047d2a44c4acd117d18de
Opcode Fuzzy Hash: a6acde2c1bb1f6d4dd27f6bfd248a2174346e03e147bb8e4214224a3f62e7031
Instruction Fuzzy Hash: A0A17D72600B448AEB678B6BE4943EA77A1F74DBD4F544116EB6A477F8DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400339BE Relevance: 9.2, APIs: 6, Instructions: 193COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400322D0: GlobalUnlock.KERNEL32 ref: 0000000140032391
Part of subcall function 00000001400322D0: CloseClipboard.USER32 ref: 000000014003239E
Part of subcall function 00000001400322D0: GetTickCount.KERNEL32 ref: 00000001400323B1
Part of subcall function 00000001400322D0: PeekMessageW.USER32 ref: 00000001400323E5
Part of subcall function 00000001400322D0: GetTickCount.KERNEL32 ref: 00000001400323F9

GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 47ab3be0b930d1783f6e87c9139e13263aa67628104e492ebdc8d92a0d0320e4
Instruction ID: 5b3d9e792f16a2cbf1c8f1aa7c70b894a21ee5f19bba4582db0c2e5f7bb8e517
Opcode Fuzzy Hash: 47ab3be0b930d1783f6e87c9139e13263aa67628104e492ebdc8d92a0d0320e4
Instruction Fuzzy Hash: BF918E72600B4485EB678B2BE4543EA77A1FB4DBE4F544216EFA9476F9CB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037736 Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 6ab373c38bece95a3428d51cc1fb99976977b8f619726ab5653671225e3688ad
Instruction ID: 3300cd889de9f7e6b5f7b7624876ff365077f81060a1958ec16b89af0e2ee859
Opcode Fuzzy Hash: 6ab373c38bece95a3428d51cc1fb99976977b8f619726ab5653671225e3688ad
Instruction Fuzzy Hash: 96916B72604B4086EB6B8B27E8947EA77A1F74DBD0F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037BB0 Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 1c09a1e4342203dcf23758ac86f1bf3c10a78ac7c5cc22d34cc643dac87349c1
Instruction ID: 09f3608c4d192ad1d6672a9df71322bb8eb7afbd93f1800d70e7767527a07b4d
Opcode Fuzzy Hash: 1c09a1e4342203dcf23758ac86f1bf3c10a78ac7c5cc22d34cc643dac87349c1
Instruction Fuzzy Hash: F1917C72604A4486EB6B8B2BE8547EA77A1F74DBD0F544116FB6A877F5CB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036E22 Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Part of subcall function 00000001400C986C: _errno.LIBCMT ref: 00000001400C9884
Part of subcall function 00000001400C986C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C988F

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID:
API String ID: 130734711-0
Opcode ID: 733376dd1a874cf1bd077a4e0cfbb95a07116f316a755fba6ecd9d3c9c906c1e
Instruction ID: e5ef7ba24d87c56c158a7c18c3b0afea2e4ede652da0d5a7df844b073726d31f
Opcode Fuzzy Hash: 733376dd1a874cf1bd077a4e0cfbb95a07116f316a755fba6ecd9d3c9c906c1e
Instruction Fuzzy Hash: C4A19F72600B4086EB6B8B2BE8543EA77A1F74DBE4F544215FBAA476F5CB38C481C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400372F2 Relevance: 9.2, APIs: 6, Instructions: 190windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b49bf63af7704dc42453fefc23ab06cce89032b342bb9ee02e22403a6aa1ef5e
Instruction ID: dbca15f3f2fb7dc3b695da84e4d17039d2a5d82dae49ce11f45402f406ecf37c
Opcode Fuzzy Hash: b49bf63af7704dc42453fefc23ab06cce89032b342bb9ee02e22403a6aa1ef5e
Instruction Fuzzy Hash: 94916E72604B4086EB6B9B2BE8543EA77A1F74DBD0F544116FB6A876F5CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037691 Relevance: 9.2, APIs: 6, Instructions: 190windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: bd3e30a70eb46f0eff50ed4c7e45f5e559cf3f036d12ceaf3ddca564f9f9b9d6
Instruction ID: 9c68ccc999f1dd391b01d79f9a3fe7cb71b56c16421fb93d2d9e025b28af98e2
Opcode Fuzzy Hash: bd3e30a70eb46f0eff50ed4c7e45f5e559cf3f036d12ceaf3ddca564f9f9b9d6
Instruction Fuzzy Hash: E3918C72604A4086EB6B8B2BE8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003814E Relevance: 9.2, APIs: 6, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 0a34fb45beebf92788d3e0ff895cdfac594d4e924142acb9a32cdda1ca5e9a7e
Instruction ID: 258b6834059cca980af36bd183b34c1df1c2caa46bd37c9602f3d61405128880
Opcode Fuzzy Hash: 0a34fb45beebf92788d3e0ff895cdfac594d4e924142acb9a32cdda1ca5e9a7e
Instruction Fuzzy Hash: 50916E72204B4486EB6B8B27E8547EA77A1F74DBD0F544116EBA9477F9DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400352F6 Relevance: 9.2, APIs: 6, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 20edbbce9cb6901117c65ce76e329e310560c12dee1df98d047ddfd1828ffa56
Instruction ID: 2451691c6696e514d3d9157cd5600ffa4b692f170f9df3ffed71c2e299eacaf9
Opcode Fuzzy Hash: 20edbbce9cb6901117c65ce76e329e310560c12dee1df98d047ddfd1828ffa56
Instruction Fuzzy Hash: EC917C72604B4086EB679B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037509 Relevance: 9.2, APIs: 6, Instructions: 187windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e01b79c4bb7aeb71af2e2d014fe97d51c1cd79387d7823c9e691bf1daab62abc
Instruction ID: 2cd6803c8f52dbf4ed67081cb67a52c0a85ee1c4e69bff4fd4bce00c84c45686
Opcode Fuzzy Hash: e01b79c4bb7aeb71af2e2d014fe97d51c1cd79387d7823c9e691bf1daab62abc
Instruction Fuzzy Hash: 67917D72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037613 Relevance: 9.2, APIs: 6, Instructions: 187windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Part of subcall function 0000000140081130: RemoveDirectoryW.KERNEL32 ref: 000000014008113B

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseDirectoryGlobalMessagePeekRemoveUnlock
String ID:
API String ID: 1863380684-0
Opcode ID: 4aa196ad67cc3a7e12ecc588b55ec5c5dc6742e4c44c42d9fb2464e4d2039d99
Instruction ID: 13e38b4fa019d7bdcd70fed939fd4210353cfb6b64ca932b11609c7a7e5c769b
Opcode Fuzzy Hash: 4aa196ad67cc3a7e12ecc588b55ec5c5dc6742e4c44c42d9fb2464e4d2039d99
Instruction Fuzzy Hash: 4D915D72604B4086EB6B9B2BE4543EA77A1F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036FFD Relevance: 9.2, APIs: 6, Instructions: 186windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8f65baa6c79877a878d165efea2c3f3230cdbf5a6fad1bcfdec309759f6149a0
Instruction ID: 288ed62b02c1701c802e94ec6faace6cc3681e95daa58d871b1a5982afd1ee71
Opcode Fuzzy Hash: 8f65baa6c79877a878d165efea2c3f3230cdbf5a6fad1bcfdec309759f6149a0
Instruction Fuzzy Hash: A7917B72604A4085FB6B9B2BE8543EA67A2F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003789D Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400803C0: CoInitialize.OLE32 ref: 00000001400803ED
Part of subcall function 00000001400803C0: CoCreateInstance.OLE32 ref: 0000000140080411
Part of subcall function 00000001400803C0: GetKeyboardLayout.USER32 ref: 0000000140080501

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseCreateGlobalInitializeInstanceKeyboardLayoutMessagePeekUnlock
String ID:
API String ID: 1422310799-0
Opcode ID: 54ee73af532644d9005f9833ec588925d34703846d9f185a18094cf4413b07b2
Instruction ID: 92b20823fc64609db101975c8b2667d135722d2beb1123f94bef951f8b4990d9
Opcode Fuzzy Hash: 54ee73af532644d9005f9833ec588925d34703846d9f185a18094cf4413b07b2
Instruction Fuzzy Hash: BB915B72204B4486EB6B8B2BE8947EA77A1F74DBD0F504116EBA9477F8DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035E11 Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 189d43230b946db470a62915541e30f5e53c8f98647bd97e38a76e3796a35d7e
Instruction ID: 6da0c06c6a78ada20c5801cead0f23c546b72850e3770003e8dd8056189bde1a
Opcode Fuzzy Hash: 189d43230b946db470a62915541e30f5e53c8f98647bd97e38a76e3796a35d7e
Instruction Fuzzy Hash: E7914B72604B4486EB6B8B2BE8547EA77A1F74DBD0F544116EBA9477F4DB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035EB7 Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B1470: GetForegroundWindow.USER32 ref: 00000001400B14C8
Part of subcall function 00000001400B1470: IsWindowVisible.USER32 ref: 00000001400B14E2
Part of subcall function 00000001400B1470: IsIconic.USER32 ref: 00000001400B14FB
Part of subcall function 00000001400B1470: ShowWindow.USER32 ref: 00000001400B150D

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTickWindow$ClipboardCloseForegroundGlobalIconicMessagePeekShowUnlockVisible
String ID:
API String ID: 1891409732-0
Opcode ID: 2596a5324b98e3050e71a82938ae059a4a96432e0876e302776220941d4206fa
Instruction ID: 5dc2c62c25a5b7e4b393ec0095a0528c88e0e279c710f4ab2533705e7617aceb
Opcode Fuzzy Hash: 2596a5324b98e3050e71a82938ae059a4a96432e0876e302776220941d4206fa
Instruction Fuzzy Hash: D5916872604B4086EB6B9B2BE8543EA67A1F74DBE4F544116FB6A477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003563A Relevance: 9.2, APIs: 6, Instructions: 184windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 531024026704283e13f2aec2b34178745cba10b3a0d63dc18e645b449655608f
Instruction ID: 8a802cbfc413144bef5acce917713e449e7aedb00dc466e02838f649062d8b47
Opcode Fuzzy Hash: 531024026704283e13f2aec2b34178745cba10b3a0d63dc18e645b449655608f
Instruction Fuzzy Hash: C3918E72604B4086EB6B9B27E8543EA77A2F74DBD4F544116FBAA476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035DAD Relevance: 9.2, APIs: 6, Instructions: 184windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 496abec334b34d1316c40b0a183a1e807bec8963396955dd2ce653e6736f5577
Instruction ID: 9c9b72edf582296672a260d771e94d6d453b78bb7a20554154f02e8fcfe63261
Opcode Fuzzy Hash: 496abec334b34d1316c40b0a183a1e807bec8963396955dd2ce653e6736f5577
Instruction Fuzzy Hash: E1913872604B4486EB6B8B2BE8947EA77A1F74DBD0F544116EBA9477F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036630 Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c604f08de378629e43d0b3537c3287686aca63504d0d5faf531b6167a5a94688
Instruction ID: d02d9e7783b730e50838fdb47f9313044242e91565dd391724fcef4db10f506c
Opcode Fuzzy Hash: c604f08de378629e43d0b3537c3287686aca63504d0d5faf531b6167a5a94688
Instruction Fuzzy Hash: 8B915B72604B4486EB6B8B2BE8547EA77A1F74DBD0F544116EB6A877F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140033A53 Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 3d2130fb854b24aee5f391ee16de0f6c2dfd32941298298a0b0bfeb56a71c589
Instruction ID: b066232e915ff1759d06f0d0793afa8d56541c606c3f1c3fd0adbf9616e2fe9a
Opcode Fuzzy Hash: 3d2130fb854b24aee5f391ee16de0f6c2dfd32941298298a0b0bfeb56a71c589
Instruction Fuzzy Hash: CF919D72604B4486EB678B2BE4543EA77A1F74DBE4F544116FBAA476F8CB38C981C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035E4F Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b743ba5ec7b8701805cf884e9c6f386d6c62618c427620820aa59723fd8f344b
Instruction ID: f9b4eaecd380d9d108645276e4cb488d16365d086ec7bff4cf6cee1033390f6e
Opcode Fuzzy Hash: b743ba5ec7b8701805cf884e9c6f386d6c62618c427620820aa59723fd8f344b
Instruction Fuzzy Hash: 74915972604B4086EB6B8B27E8547EA77A1F74DBD0F544116FBAA476F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003651C Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140049C40: GetWindowRect.USER32 ref: 0000000140049C7F
Part of subcall function 0000000140049C40: MoveWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000140036570), ref: 0000000140049D63

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseGlobalMessageMovePeekRectUnlock
String ID:
API String ID: 1284534901-0
Opcode ID: d6e39cf827985914d51cadfc1afa8fbc3ee8d328422688442d177e3be0810c7d
Instruction ID: b39acbd4e0f08e1d1da430aaf87c45c36c6853c214ae4f466ce36c798626cef3
Opcode Fuzzy Hash: d6e39cf827985914d51cadfc1afa8fbc3ee8d328422688442d177e3be0810c7d
Instruction Fuzzy Hash: 6E915C72604B4486EB6B8B2BE8947EA77A1F74DBD0F544116EBAA477F5CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037D3A Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b2cec72841bcb05fbd7d1fbeba430d43cdad128e246c59b9c4f177c44ca6d85b
Instruction ID: 8feb48508ce0d847327c734e4e14de43032f761a16fb8f49d5744b6dbe444425
Opcode Fuzzy Hash: b2cec72841bcb05fbd7d1fbeba430d43cdad128e246c59b9c4f177c44ca6d85b
Instruction Fuzzy Hash: BB918176600A4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F5CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400376F8 Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 3bd8d9e50afe7e28a77334881e182017310138546a3554110c2a536abbd152d6
Instruction ID: f38d2603a25751b4bd986b272de7e839fad5fbc46ffbdea6644840955e04d52e
Opcode Fuzzy Hash: 3bd8d9e50afe7e28a77334881e182017310138546a3554110c2a536abbd152d6
Instruction Fuzzy Hash: 9D916C72604B4486EB6B8B2BE8547EA77A2F74DBD0F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400368B8 Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 57fd764100118d7111405ccabe950724f2dc87849681ffa263b64ba85e172b95
Instruction ID: 7f52e5a97b237b23b58c281188c1d762d5e78a1cb7427eed17a467e2a94dfc14
Opcode Fuzzy Hash: 57fd764100118d7111405ccabe950724f2dc87849681ffa263b64ba85e172b95
Instruction Fuzzy Hash: F7915B72604B4486EB6B8B2BE8547EA77A1F74DBD0F544116EB69477F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003690A Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c975fecc737f758584c79cca697f343c025b04c92158641e7032785e91167508
Instruction ID: a7d22f22c4260aca027f329b966debb58e536db0aabca595fea53ebeb870fb4f
Opcode Fuzzy Hash: c975fecc737f758584c79cca697f343c025b04c92158641e7032785e91167508
Instruction Fuzzy Hash: E4915B72604B4486EB6B8B2BE8547EA77A1F74DBD0F544116EB69477F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003698E Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004D590: wcsncpy.LIBCMT ref: 000000014004D5F0
Part of subcall function 000000014004D590: _wcstoi64.LIBCMT ref: 000000014004D633

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64wcsncpy
String ID:
API String ID: 2569467992-0
Opcode ID: abaf128525cc5617aa55680bf7c64b685fc480cdb05a8936d0ab39ffa2b2370f
Instruction ID: bbe7b92fac733e07c6ba9482889dff2291b1cd8cbdea6ceb6ebd82501fa064a3
Opcode Fuzzy Hash: abaf128525cc5617aa55680bf7c64b685fc480cdb05a8936d0ab39ffa2b2370f
Instruction Fuzzy Hash: 89915B72604B4486EB6B8B2BE8947EA77A1F74DBD4F544116EB69477F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400377A9 Relevance: 9.2, APIs: 6, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 35dab134e8b18307dda43829dd2ba3efd251b8342b2097651ede9d574fa42c55
Instruction ID: ce0cd341c0bd83cb94fb45a00b3e3757192aca48b0d310cbdb1241303d8e4c2b
Opcode Fuzzy Hash: 35dab134e8b18307dda43829dd2ba3efd251b8342b2097651ede9d574fa42c55
Instruction Fuzzy Hash: 12917C72604B4086EB6B8B2BE8547EA77A2F74DBD0F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037C43 Relevance: 9.2, APIs: 6, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140043560: wcsncpy.LIBCMT ref: 000000014004361C

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockwcsncpy
String ID:
API String ID: 3258626421-0
Opcode ID: 361f5585ebf550eac9476617c6d43f56bbcfd5741111bd25dd3989a8eab84971
Instruction ID: b405ea7159099ed6530ba496edfcb45dbdcf9c7aebaa75cf87dbda6157aa819d
Opcode Fuzzy Hash: 361f5585ebf550eac9476617c6d43f56bbcfd5741111bd25dd3989a8eab84971
Instruction Fuzzy Hash: 65916B72204B4086EB6B8B2BE8543EA77A1F74DBD0F544116EBA9477F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037C8E Relevance: 9.2, APIs: 6, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140043560: wcsncpy.LIBCMT ref: 000000014004361C

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockwcsncpy
String ID:
API String ID: 3258626421-0
Opcode ID: 29f37be8f42d64010ab38aa0874587d774bec61c95120f304ed67ca5bdddcea3
Instruction ID: ef34183ef3dd20d139ed328c8e8889648d2d3e89553345666312a77d13621925
Opcode Fuzzy Hash: 29f37be8f42d64010ab38aa0874587d774bec61c95120f304ed67ca5bdddcea3
Instruction Fuzzy Hash: CE916C72204B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB69477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036162 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b45d3c7ecf2bb7d4f93be499ef34551b5fba83f0635a4342823e7bab5f3a886a
Instruction ID: 11a546ba6103be942faf345e0826d9247604a43dce98270b3f743ed5af38cf8a
Opcode Fuzzy Hash: b45d3c7ecf2bb7d4f93be499ef34551b5fba83f0635a4342823e7bab5f3a886a
Instruction Fuzzy Hash: 87917C72600A4085FB6B9B2BE8543EA77A2F74DBD4F544116FB6A476F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038299 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 89075b8ed739de16ef4256e134fff424d603abc307fa6dbf438dd27dea5f3b31
Instruction ID: b6e1f428f5d1caddb0ed449effb6c86fefc02e5bb2bae2d7d13862c0a44519dc
Opcode Fuzzy Hash: 89075b8ed739de16ef4256e134fff424d603abc307fa6dbf438dd27dea5f3b31
Instruction Fuzzy Hash: 4C917B72604B4086EB6B9B27E8543EA77A1F74DBD0F544116FB6A876F9CB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003765E Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 95a23739deef7cbc9eacb8a8c88f49089788cf8b5ac64a4c9501bab3693b5761
Instruction ID: b2529ebd1d16fb23292cce0733f986228328f6b146ae86a423062ec605a98dae
Opcode Fuzzy Hash: 95a23739deef7cbc9eacb8a8c88f49089788cf8b5ac64a4c9501bab3693b5761
Instruction Fuzzy Hash: 7B916C72604B4086EB6B8B2BE8543EA77A2F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400377E3 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 834e4914b4f88e4c8dd6dcf2481be3a874b25fbce87cedfd4723918fb97e26b0
Instruction ID: 1c3dd8d0e9ef032bc6ea9b0be81be7f858dfd5ca10d237d7436bf0e35785239c
Opcode Fuzzy Hash: 834e4914b4f88e4c8dd6dcf2481be3a874b25fbce87cedfd4723918fb97e26b0
Instruction Fuzzy Hash: 5A916C72604B4086EB6B8B27E8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036838 Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004BE10: SendMessageTimeoutW.USER32 ref: 000000014004BE8D

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: a3028bb58c1c9fc0e76a5e779817bcd77e5a0669ace18bb72d54e88d773bb7eb
Instruction ID: eaa8416914f6d976813c6867cca2a7d96bcd4a63758a916a6befea7b4f50adfa
Opcode Fuzzy Hash: a3028bb58c1c9fc0e76a5e779817bcd77e5a0669ace18bb72d54e88d773bb7eb
Instruction Fuzzy Hash: B8916A72604B4486EB6B8B2BE8547EA77A1F74DBD0F544116EBAA477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A1A Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e51305d8e338c49803053078ad7c67299323a746d9084c68c698f3a51dee77f1
Instruction ID: 46ae8e2d5bb4f3f655686c8571ce715c9423c0ca794f2fac8e894120926243e7
Opcode Fuzzy Hash: e51305d8e338c49803053078ad7c67299323a746d9084c68c698f3a51dee77f1
Instruction Fuzzy Hash: 44916B72604B4486EB6B8B2BE8547EA77A1F74DBD0F544116EB69477F8CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400381F3 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 32ec74676407c6b3dc3b9fd4ab68bc7e1be94517f24e83e0395c81d1ca2061f5
Instruction ID: be281a084ffc9fb350709a1a9bdeccdb74ac95854b353bf4d9a1cc2a9df9e39e
Opcode Fuzzy Hash: 32ec74676407c6b3dc3b9fd4ab68bc7e1be94517f24e83e0395c81d1ca2061f5
Instruction Fuzzy Hash: 20916C72604B4486EB6B8B27E8543EA77A1F74DBD4F544116EB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400374D8 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ee2d529db94d724836f7405d8ee2f13006f951684ca0e8a9b98384c1bfbe89d3
Instruction ID: eeffaa19e9976e72b6b70e1f0fbea9fa8f7ccd586bff4cc893f3835237cad510
Opcode Fuzzy Hash: ee2d529db94d724836f7405d8ee2f13006f951684ca0e8a9b98384c1bfbe89d3
Instruction Fuzzy Hash: 0D916C72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400367FE Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004BA40: GetWindowThreadProcessId.USER32 ref: 000000014004BAA4
Part of subcall function 000000014004BA40: AttachThreadInput.USER32 ref: 000000014004BAD4
Part of subcall function 000000014004BA40: SetFocus.USER32 ref: 000000014004BAE3
Part of subcall function 000000014004BA40: AttachThreadInput.USER32 ref: 000000014004BDA4

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountThreadTick$AttachInput$ClipboardCloseFocusGlobalMessagePeekProcessUnlockWindow
String ID:
API String ID: 1514730375-0
Opcode ID: 9ee5351dc7be510ebb27d2912622aac87dd37b472b00a12208e2abd6da8bfa5e
Instruction ID: 94ddcacff985797f1a004328acd822cbe3f2a47e4514827372eb4c097070d725
Opcode Fuzzy Hash: 9ee5351dc7be510ebb27d2912622aac87dd37b472b00a12208e2abd6da8bfa5e
Instruction Fuzzy Hash: 8C916B72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003687E Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004C1B0: SendMessageTimeoutW.USER32 ref: 000000014004C22E

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: ad0089fca7d9444b19490c63fcf75a627b101837403518c951144e562a4df5c8
Instruction ID: 4bd3614e25a9efd20d743577cf4dbee8855ba22b3b64ac9d9f8c2019fbd10e9e
Opcode Fuzzy Hash: ad0089fca7d9444b19490c63fcf75a627b101837403518c951144e562a4df5c8
Instruction Fuzzy Hash: 65917B72604B4086EB6B8B2BE8543EA77A1F74DBD0F544116EB6A477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B27 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ca95643e6b620fdc78d1d6aa8a5d3757d710194e27ee74b732a84f8e572937c3
Instruction ID: 9274c2e652ed0a0a299bccde3de23a3e0a18bf9e5b3b0b3a59772125a316260f
Opcode Fuzzy Hash: ca95643e6b620fdc78d1d6aa8a5d3757d710194e27ee74b732a84f8e572937c3
Instruction Fuzzy Hash: D0916B72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A477F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C67 Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c35fb3a913460523f547c27e646f69d60f8ead88a2187731d8099c2d724e2f2e
Instruction ID: f64305c72008e8c63d6f3497a785eba05d8e62002b5bde05dbc7e62428a4f14c
Opcode Fuzzy Hash: c35fb3a913460523f547c27e646f69d60f8ead88a2187731d8099c2d724e2f2e
Instruction Fuzzy Hash: B0917C72604B408AEB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400372C3 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 6c710904b4e0e7e81bbd0b0df7270e0fdd0fafc3ac8cce5b1536dcc5ed31ded3
Instruction ID: 57ed918a4dc239d280f5feacd71e57d123d51c211d9b01f1b341ff7fdc551bf9
Opcode Fuzzy Hash: 6c710904b4e0e7e81bbd0b0df7270e0fdd0fafc3ac8cce5b1536dcc5ed31ded3
Instruction Fuzzy Hash: E7916C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400384E1 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A8AE0: GetFullPathNameW.KERNEL32(?,000000014003850C), ref: 00000001400A8B16
Part of subcall function 00000001400A8AE0: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A8B2A
Part of subcall function 00000001400A8AE0: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A8B3E

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$PrivateProfileStringWrite$ClipboardCloseFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 2214806735-0
Opcode ID: 932a87a86846b23dbfd0e46082085f6ff92c9310e87d813d82daef97d72ec818
Instruction ID: f817774b436e67dc4064303c2f07559678fa1116b2fa6f46f75e2195d24beb12
Opcode Fuzzy Hash: 932a87a86846b23dbfd0e46082085f6ff92c9310e87d813d82daef97d72ec818
Instruction Fuzzy Hash: EA917B72604B4086EB6B8B2BE8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400387C6 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400818A0: GetCurrentProcess.KERNEL32 ref: 00000001400818A8
Part of subcall function 00000001400818A0: OpenProcessToken.ADVAPI32 ref: 00000001400818BB

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Process$ClipboardCloseCurrentGlobalMessageOpenPeekTokenUnlock
String ID:
API String ID: 3060718303-0
Opcode ID: 5b88dcce50709a4f6ce887451da45df825f4f187ebf62033d32ba9ebd3c63244
Instruction ID: a50007b312bdd8fadb63ce32054d99cd90edf140199f74ec2bd2759bc62af6e3
Opcode Fuzzy Hash: 5b88dcce50709a4f6ce887451da45df825f4f187ebf62033d32ba9ebd3c63244
Instruction Fuzzy Hash: 63816C72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A66 Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004F180: SetWindowTextW.USER32 ref: 000000014004F1A4

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekTextUnlockWindow
String ID:
API String ID: 189804293-0
Opcode ID: 96d278861747bced0758caf6c43a42f3a0f1144573f0233c78ec63695927d1e2
Instruction ID: e18d84891eca884a3ac85baeee1be4f0d90f9876bd582b750fb125358c06eeba
Opcode Fuzzy Hash: 96d278861747bced0758caf6c43a42f3a0f1144573f0233c78ec63695927d1e2
Instruction Fuzzy Hash: C6916C72604B4086EB6B8B2BE8547EA77A1F74DBD4F544116FBAA476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400381C1 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2a68f1da9ee13777f7c921b53ea6145823640560837e134bd94b106f52988393
Instruction ID: 6a37b9e80332fe43428acf21c01c94880516a2d613b590bd029a9222415103f4
Opcode Fuzzy Hash: 2a68f1da9ee13777f7c921b53ea6145823640560837e134bd94b106f52988393
Instruction Fuzzy Hash: 40916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037404 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7b4e44ff7c385f48657ead3a8506232a9d33c28d6e7038ea15401aa31db31684
Instruction ID: 75b394c1aee1eea1e92cbb2f0c10311e13df69cc43b320ed28edf44fa4d907e6
Opcode Fuzzy Hash: 7b4e44ff7c385f48657ead3a8506232a9d33c28d6e7038ea15401aa31db31684
Instruction Fuzzy Hash: 93917D72604B4086EB6B9B27E8543EA77A1F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400384B3 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A8990: GetFullPathNameW.KERNEL32(?,00000001400384DC), ref: 00000001400A89DC
Part of subcall function 00000001400A8990: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A8A0F
Part of subcall function 00000001400A8990: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A8A9C

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$PrivateProfileStringWrite$ClipboardCloseFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 2214806735-0
Opcode ID: 6f43f0229f5a3e5cc1448e95fbdce13369c653d2793cd72f7149d234c403159f
Instruction ID: 020af3c7ac43ad831aab543c04ae5d8a3f1a4cf61d6eb91a852c42d0e97e407b
Opcode Fuzzy Hash: 6f43f0229f5a3e5cc1448e95fbdce13369c653d2793cd72f7149d234c403159f
Instruction Fuzzy Hash: 3F916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400367D0 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004B2B0: GetWindowThreadProcessId.USER32 ref: 000000014004B30D
Part of subcall function 000000014004B2B0: GetGUIThreadInfo.USER32 ref: 000000014004B31A
Part of subcall function 000000014004B2B0: GetClassNameW.USER32 ref: 000000014004B34D
Part of subcall function 000000014004B2B0: EnumChildWindows.USER32 ref: 000000014004B377

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Thread$ChildClassClipboardCloseEnumGlobalInfoMessageNamePeekProcessUnlockWindowWindows
String ID:
API String ID: 3620957724-0
Opcode ID: 3dd368a848900c0b12d8bcb81d0739d35d886675ab8a4f33fbca61ec77b72cdc
Instruction ID: fc33901d1ca34cab6cf6b4e286c114ff315d8dd36084cf5bb1284c5923fed366
Opcode Fuzzy Hash: 3dd368a848900c0b12d8bcb81d0739d35d886675ab8a4f33fbca61ec77b72cdc
Instruction Fuzzy Hash: 3E916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037839 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 0af306a18b8c2b4e0084415d716299b23f7d5e4849224f31c33a1056b12b2162
Instruction ID: b98f22edb9134565f3100f467ba4b54a7afc3409d37ab6cf244cc4721cdbc41a
Opcode Fuzzy Hash: 0af306a18b8c2b4e0084415d716299b23f7d5e4849224f31c33a1056b12b2162
Instruction Fuzzy Hash: 06916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003695C Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 464a34634f05383295ebd4e328e7694038a8e10af88f2de9baefac7a3c77b8d6
Instruction ID: 6929816c0c732e5bf24972e6eabc78d0585a415e53a0298bc445a2bc555527c9
Opcode Fuzzy Hash: 464a34634f05383295ebd4e328e7694038a8e10af88f2de9baefac7a3c77b8d6
Instruction Fuzzy Hash: F5916972604B4086EB6B8B2BE8547EA77A1F74DBD4F544116EB6A877F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035B45 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005B4C0: wcsncpy.LIBCMT ref: 000000014005B4F5

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockwcsncpy
String ID:
API String ID: 3258626421-0
Opcode ID: df15949186f2ee678d32a4b2b66cdac8a4f2df4bd7837e678a65de4499cc559d
Instruction ID: 679afe4950975493c522f1ec33d791aae13712ddf8f6cb0fb0e4262d58c7ec7f
Opcode Fuzzy Hash: df15949186f2ee678d32a4b2b66cdac8a4f2df4bd7837e678a65de4499cc559d
Instruction Fuzzy Hash: 7A916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A877F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B61 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 0288ecdd008266c863cbaaff0373f0b549cccfd271bcbc7152c184f1e5ee24dd
Instruction ID: 6eed64a4da364a5c9effa35746537467cdda48dc1e12e21f34e97af1f77e50a2
Opcode Fuzzy Hash: 0288ecdd008266c863cbaaff0373f0b549cccfd271bcbc7152c184f1e5ee24dd
Instruction Fuzzy Hash: DA916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B8F Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140051BF0: GetWindowRect.USER32 ref: 0000000140051C76

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekRectUnlockWindow
String ID:
API String ID: 1900757344-0
Opcode ID: 3e3207985a8fb5c5667f73bd11e5c210e84389802036416bfc230945a50603b1
Instruction ID: bb0d327458da1db85026c49fc07cdfd48eb8bf7e6cdc1dc3457fe29e2c2bad45
Opcode Fuzzy Hash: 3e3207985a8fb5c5667f73bd11e5c210e84389802036416bfc230945a50603b1
Instruction Fuzzy Hash: 7D915A72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037CD9 Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 4df7efb01af68025676f9849c8426c01ccb753ead61e0e5ed064f1eaa7949d69
Instruction ID: 4a37506994f4e75e6fc5560af59169ecc8a586c2c5d58e7cb98800ee910ecbd3
Opcode Fuzzy Hash: 4df7efb01af68025676f9849c8426c01ccb753ead61e0e5ed064f1eaa7949d69
Instruction Fuzzy Hash: 68916972604B4486EB6B8B2BE8543EA77A1F74DBD4F544116EB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038374 Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fb9973710b066a835f10a2256b92a10519f9e0b5b0bebd222369df9d44d0b7c1
Instruction ID: 6aac5f5eaa1c0958dbe6297e39a3f6051f525d46d39706e62f65137a1c440b78
Opcode Fuzzy Hash: fb9973710b066a835f10a2256b92a10519f9e0b5b0bebd222369df9d44d0b7c1
Instruction Fuzzy Hash: 06817E72604A4086EB6BDB27E8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003740D Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 5a567da9acb47c6b903903186c7d65cd4d2fc3510aaa3e82bda70c2f240d416f
Instruction ID: 7595d0b89774c543326b2503961c670c9d3364659953bce645fe6045663b5ab0
Opcode Fuzzy Hash: 5a567da9acb47c6b903903186c7d65cd4d2fc3510aaa3e82bda70c2f240d416f
Instruction Fuzzy Hash: 3C816D72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035CED Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Part of subcall function 00000001400150B0: CloseHandle.KERNEL32 ref: 000000014001517E
Part of subcall function 00000001400150B0: CreateMutexW.KERNEL32 ref: 000000014001518F
Part of subcall function 00000001400150B0: GetLastError.KERNEL32 ref: 0000000140015198
Part of subcall function 00000001400150B0: GetWindowThreadProcessId.USER32 ref: 0000000140015254

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: 3abab05f442fa94c381372a725294529c2ef5a1e66e7ce61c36ca78747420ee4
Instruction ID: b55bfe7645119cd75c95fb9ee11cf1ba37fddc0290ccce86bc18661dd845f5de
Opcode Fuzzy Hash: 3abab05f442fa94c381372a725294529c2ef5a1e66e7ce61c36ca78747420ee4
Instruction Fuzzy Hash: 9D816D76600B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038229 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 0d50eb44e18d582c8ed0ac99ed387f41400490fd053e952304578f8f50c4f5fa
Instruction ID: fcaa4abfc22aeb62963416b755d9f488de952ec4277bdf6cfe02e56f4573609f
Opcode Fuzzy Hash: 0d50eb44e18d582c8ed0ac99ed387f41400490fd053e952304578f8f50c4f5fa
Instruction Fuzzy Hash: B0818B72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037286 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005F140: wcsncpy.LIBCMT ref: 000000014005F199
Part of subcall function 000000014005F140: SetVolumeLabelW.KERNEL32 ref: 000000014005F1E4

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalLabelMessagePeekUnlockVolumewcsncpy
String ID:
API String ID: 2345973108-0
Opcode ID: a5ab4d2fc2e52499565725dde4039022b8ad874c63332374fd6f570c6466bbc7
Instruction ID: 74ce86d78a370505642ba2508c743a211cdcc164a3ea93f0644f32b3e31de062
Opcode Fuzzy Hash: a5ab4d2fc2e52499565725dde4039022b8ad874c63332374fd6f570c6466bbc7
Instruction Fuzzy Hash: 97816A72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003848D Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A8460: GetFullPathNameW.KERNEL32(?,?,?,00000001400384AE), ref: 00000001400A84B9
Part of subcall function 00000001400A8460: GetPrivateProfileStringW.KERNEL32 ref: 00000001400A84F5

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseFullGlobalMessageNamePathPeekPrivateProfileStringUnlock
String ID:
API String ID: 3404763234-0
Opcode ID: cc0b648204919c622e9eb9de9167ff71108cfd4507100097083834cc73d206e1
Instruction ID: 5eea6d471afcf342eaaa76ff79ab17208e5f4452bff60d7ee38835101d22a541
Opcode Fuzzy Hash: cc0b648204919c622e9eb9de9167ff71108cfd4507100097083834cc73d206e1
Instruction Fuzzy Hash: 87817C72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400374B6 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 92d374b1b0d5edb51b37f899020647b4f0156d55c96065adeaca230f1e5c2fbd
Instruction ID: f80d961f058286a3a650813920ef25fefa9d734c1931857b2154671e751079b1
Opcode Fuzzy Hash: 92d374b1b0d5edb51b37f899020647b4f0156d55c96065adeaca230f1e5c2fbd
Instruction Fuzzy Hash: B5816B72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037816 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400637B0: SetCurrentDirectoryW.KERNEL32 ref: 00000001400637F3

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseCurrentDirectoryGlobalMessagePeekUnlock
String ID:
API String ID: 1560712716-0
Opcode ID: 3e88bfe125274c54540777df4e239f036986ef0c1e9c95ccccc407feed3e043e
Instruction ID: 6b427fee45962d201f8b588fa918973a52b8b694a937d383763de5753538b21a
Opcode Fuzzy Hash: 3e88bfe125274c54540777df4e239f036986ef0c1e9c95ccccc407feed3e043e
Instruction Fuzzy Hash: EA816C72604B4086EB6B9B27E8943EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037867 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 25b9663d3bcac55836324b1a742d90a040fe6aadadfdd6f870a1c43f505d595d
Instruction ID: 460a94b722521c3e0eae423e9f7ae55a0af6172c7172bb1471dcbcc93fabfea5
Opcode Fuzzy Hash: 25b9663d3bcac55836324b1a742d90a040fe6aadadfdd6f870a1c43f505d595d
Instruction Fuzzy Hash: A9817B72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400369F8 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: dc95913fefa2b0c4aced48f96d7683200ebdb6679f2b13ebaa659568f1d04918
Instruction ID: f39c071c9d4bdfed42bf3f7c9121bdf1397892eb06e7058c44f280686f5e9c02
Opcode Fuzzy Hash: dc95913fefa2b0c4aced48f96d7683200ebdb6679f2b13ebaa659568f1d04918
Instruction Fuzzy Hash: F8816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036ADB Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004F1C0: GetWindowTextLengthW.USER32 ref: 000000014004F1EE

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalLengthMessagePeekTextUnlockWindow
String ID:
API String ID: 1215013059-0
Opcode ID: 247156d2b0ddeca3d22b977412ca4fcc27b7063af2bdcf196f8755196be108c7
Instruction ID: f8345f87baa8717e536d7b1cc75849ec60e64fc647aad4ba5a26fcf45dc98f9d
Opcode Fuzzy Hash: 247156d2b0ddeca3d22b977412ca4fcc27b7063af2bdcf196f8755196be108c7
Instruction Fuzzy Hash: B0816B72604B4086EB6B8B2BE8547EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B01 Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 49e862ec4b10ac7fe6c75f4f0b62d44709150588ba2fcfd47f5e1b952c89913f
Instruction ID: 09cfcb19af51918c627c14f18e54bcfced074ea033b88781d3a9aed9bcdb9d8d
Opcode Fuzzy Hash: 49e862ec4b10ac7fe6c75f4f0b62d44709150588ba2fcfd47f5e1b952c89913f
Instruction Fuzzy Hash: 29817B72604B4086EB6B8B2BE8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036147 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014007E060: _wcstoi64.LIBCMT ref: 000000014007E0C4
Part of subcall function 000000014007E060: InternetOpenW.WININET ref: 000000014007E139
Part of subcall function 000000014007E060: InternetOpenUrlW.WININET ref: 000000014007E15C
Part of subcall function 000000014007E060: InternetCloseHandle.WININET ref: 000000014007E16D

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountInternetTick$CloseOpen$ClipboardGlobalHandleMessagePeekUnlock_wcstoi64
String ID:
API String ID: 2751744677-0
Opcode ID: 99e88dd3cdafdc35c790d00c67fe42ae1a130b85613b9e657dd91b8baef8309f
Instruction ID: 389d5653171aba5897065a49e2277fec769d6ded700b0a6ea1693ab601f68c88
Opcode Fuzzy Hash: 99e88dd3cdafdc35c790d00c67fe42ae1a130b85613b9e657dd91b8baef8309f
Instruction Fuzzy Hash: 6F816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003726F Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005ED50: wcsncpy.LIBCMT ref: 000000014005ED94
Part of subcall function 000000014005ED50: GetDiskFreeSpaceExW.KERNEL32 ref: 000000014005EDF5

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseDiskFreeGlobalMessagePeekSpaceUnlockwcsncpy
String ID:
API String ID: 833027430-0
Opcode ID: d22f75083a83d79436082f6a98452a5747d3e11f1a31ff4a73a7837c4611081c
Instruction ID: b5c282fa1fe26ad9a81cfbed0d60decb59a2294616d78f7bcc1f6ccf3d25bd2f
Opcode Fuzzy Hash: d22f75083a83d79436082f6a98452a5747d3e11f1a31ff4a73a7837c4611081c
Instruction Fuzzy Hash: E6816B72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400372A8 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 663f8685e324e69c3914de3ac343972c356e9836e24806afb0f4cd34a5653415
Instruction ID: 0cd3adffc02ef9976f9dcfa11e1179d125a631498158916c3e688f19c77c332e
Opcode Fuzzy Hash: 663f8685e324e69c3914de3ac343972c356e9836e24806afb0f4cd34a5653415
Instruction Fuzzy Hash: 9F816B72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400382CD Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: d4babd5c7abde5c41fe61d29538f44debda5d1c9f4a430b282918e3c39bc4fa6
Instruction ID: 6a0b8cb3423b8b7bed755dabafb5e58bb6456d21f2754c4d086215f03bd98ba3
Opcode Fuzzy Hash: d4babd5c7abde5c41fe61d29538f44debda5d1c9f4a430b282918e3c39bc4fa6
Instruction Fuzzy Hash: 78818E72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003831E Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e0ccc4b5189909cf9facb9d40468fa8e71c7623f396a946ebdf78e67983ee2c5
Instruction ID: e8a7b6187693dbd0684a85b7b3dad3019838973f470586f8b818d55179ea659a
Opcode Fuzzy Hash: e0ccc4b5189909cf9facb9d40468fa8e71c7623f396a946ebdf78e67983ee2c5
Instruction Fuzzy Hash: 31818F72604B4086EB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038349 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ca1a0dbfeb359de3ade2a4b6b72a71255bd146cdcbae3ecc25f27cdc31a8bf56
Instruction ID: 85d8cd1f66daefe22fc7e5b21964cb2ed5dd75200d6b52f845ba7ec06563d9c2
Opcode Fuzzy Hash: ca1a0dbfeb359de3ade2a4b6b72a71255bd146cdcbae3ecc25f27cdc31a8bf56
Instruction Fuzzy Hash: 3F818F72604B4086EB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038416 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a6cc2c34b296de27396c5e4afaef2466ee173787f4246721214653185469bbcf
Instruction ID: b47e74439a3ea4cec0a0e90e9640a148115d4642bc5205a69a10b5adbb64354a
Opcode Fuzzy Hash: a6cc2c34b296de27396c5e4afaef2466ee173787f4246721214653185469bbcf
Instruction Fuzzy Hash: 6D816C72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038430 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: b6bb33c7165dfaad7f4b2eb109a8903603393878d84991514f6069e8db4c04d4
Instruction ID: 0f92c6ac9c07a92eae65dfe18c09fe438fe2722263970ecf74228db74d7b6c1a
Opcode Fuzzy Hash: b6bb33c7165dfaad7f4b2eb109a8903603393878d84991514f6069e8db4c04d4
Instruction Fuzzy Hash: BA816D72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037441 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140065590: _wcstoi64.LIBCMT ref: 00000001400655F8

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64
String ID:
API String ID: 3633153638-0
Opcode ID: 72f8dd43bb758cc9a6dfc35a1d3081535897b3f6a28c89de7807637e17711de3
Instruction ID: 8ca166d8d2c557c14526b50d25a59d67c1c2d8393d810d26a5fdf84dadc190f0
Opcode Fuzzy Hash: 72f8dd43bb758cc9a6dfc35a1d3081535897b3f6a28c89de7807637e17711de3
Instruction Fuzzy Hash: 43817B72604B4086EB6B8B2BE8543EA77A1F74DBD0F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003844A Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2c5efa518f54cd87e773a7d0eee4f37b3eeedccce83cc56d354caf6eccdc85aa
Instruction ID: 06347cbf25d1b47e9da64acb4a8b5f16ef7a39e38667a8000e7f8a7b3dfbef71
Opcode Fuzzy Hash: 2c5efa518f54cd87e773a7d0eee4f37b3eeedccce83cc56d354caf6eccdc85aa
Instruction Fuzzy Hash: BE816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400369E4 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004D6F0: SendMessageTimeoutW.USER32 ref: 000000014004D89C

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: a733b3dfeafc27432f3fe0ca82f0e5cfae9e5dedc8c0a18fdd08ee0c95ce49c1
Instruction ID: 7b902bc92c729d9177a8598ddbabb76ad7cc9c881cf564ffc395e92572c0a71c
Opcode Fuzzy Hash: a733b3dfeafc27432f3fe0ca82f0e5cfae9e5dedc8c0a18fdd08ee0c95ce49c1
Instruction Fuzzy Hash: 0B817D72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035B26 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ed1331155fb11ffe12ab3e132ad5ecd32bf7e4ad416967d68a4f6ae7c6b95496
Instruction ID: d26504a443a6742facda89b2b11bc4cd128c90bf1ffbe6f40a9fe0b143880c51
Opcode Fuzzy Hash: ed1331155fb11ffe12ab3e132ad5ecd32bf7e4ad416967d68a4f6ae7c6b95496
Instruction Fuzzy Hash: 2A816B72604B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036BBD Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 15c4febef2b81a7b564601dd204080f2218f359505c0ee0ab57215bd3c680c08
Instruction ID: 7fb5082a7d63f07071a92649fe50b88eb48372c541fac5ab861f349753c40fad
Opcode Fuzzy Hash: 15c4febef2b81a7b564601dd204080f2218f359505c0ee0ab57215bd3c680c08
Instruction Fuzzy Hash: 72816B72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037D91 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: be0812a8daab21303550ed1af8bc140bedd56245b78174a04f5d58cc5a1b6fd5
Instruction ID: 9aec23ae82d6d44561fa0d635f01b9308cdd37a8d271fe6402a9bb95042258a0
Opcode Fuzzy Hash: be0812a8daab21303550ed1af8bc140bedd56245b78174a04f5d58cc5a1b6fd5
Instruction Fuzzy Hash: FB818072600B4086EB6B8B27E8543EA77A1F74DBD4F544116FBAA876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037F49 Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 99f5bea564d6318b49df042d13ea9e20f653a3cd97e680e26bd462eac486c004
Instruction ID: d61fa42ef9ed60eff64258686bc75f1edaae527889bc39c765644705140bfd6f
Opcode Fuzzy Hash: 99f5bea564d6318b49df042d13ea9e20f653a3cd97e680e26bd462eac486c004
Instruction Fuzzy Hash: 44818E72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370E2 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005E660: GetKeyboardLayout.USER32 ref: 000000014005E688

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalKeyboardLayoutMessagePeekUnlock
String ID:
API String ID: 2243892272-0
Opcode ID: 300e6e4684afe4997b1eeaf5e3fb44a798576274c5abb4c574f3f370e7d3f652
Instruction ID: cb0c8e3db820c9f1ac30ffd97d7b77f13d1e071c171aece700e43de58041cd27
Opcode Fuzzy Hash: 300e6e4684afe4997b1eeaf5e3fb44a798576274c5abb4c574f3f370e7d3f652
Instruction Fuzzy Hash: D3816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038136 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7ec8e8d99908444d79d75975b49f412130cb271761238fe2aa82df3ffbd35562
Instruction ID: 1aa9f8c9510b6fda89d0e21ce647f4910a1d5abdc323918e114c61e8a1636584
Opcode Fuzzy Hash: 7ec8e8d99908444d79d75975b49f412130cb271761238fe2aa82df3ffbd35562
Instruction Fuzzy Hash: 87816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400383DA Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Part of subcall function 000000014000A880: PostThreadMessageW.USER32 ref: 000000014000A901
Part of subcall function 000000014000A880: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000000014000A90E
Part of subcall function 000000014000A880: GetTickCount.KERNEL32 ref: 000000014000A91E
Part of subcall function 000000014000A880: GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 000000014000A93F
Part of subcall function 000000014000A880: GetTickCount.KERNEL32 ref: 000000014000A952
Part of subcall function 000000014000A880: Sleep.KERNEL32 ref: 000000014000A963
Part of subcall function 000000014000A880: CloseHandle.KERNEL32 ref: 000000014000A972
Part of subcall function 000000014000A880: CreateMutexW.KERNEL32 ref: 000000014000A99D
Part of subcall function 000000014000A880: CreateMutexW.KERNEL32 ref: 000000014000A9DF

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$CloseCreateMessageMutexSleepThread$ClipboardCodeExitGlobalHandlePeekPostUnlock
String ID:
API String ID: 4035754557-0
Opcode ID: 889a127ca4a9c6a43266572cb36023da4b36a98cf600155a276aaaacc49d34fb
Instruction ID: 798761ec189776ba2409c0cbc05f91bd4179fbc21187f6f5fa598c9e8b295598
Opcode Fuzzy Hash: 889a127ca4a9c6a43266572cb36023da4b36a98cf600155a276aaaacc49d34fb
Instruction Fuzzy Hash: DD816D72600B4486EB6B8B2BE8543EA77A1F74DBD4F544116FBAA476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003742D Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 5da6e81a022aaef1ce351c589eeb7944e23cc5a64025ecdf1f2f236d90e94871
Instruction ID: b8b87dc58513eed4fb687a6a33945d753a4873046ad88a201f2e0f08f500507f
Opcode Fuzzy Hash: 5da6e81a022aaef1ce351c589eeb7944e23cc5a64025ecdf1f2f236d90e94871
Instruction Fuzzy Hash: 27816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003745C Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400661A0: SetLastError.KERNEL32 ref: 000000014006620A
Part of subcall function 00000001400661A0: DeleteFileW.KERNEL32 ref: 0000000140066213
Part of subcall function 00000001400661A0: GetLastError.KERNEL32 ref: 000000014006621E

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ErrorLast$ClipboardCloseDeleteFileGlobalMessagePeekUnlock
String ID:
API String ID: 3770565981-0
Opcode ID: 18ca1be83b99402ea5ad07b0f1fcf638a688ebe9cfb7dd803df3267e2bc3bd03
Instruction ID: f61b7220afdec503cc89edc83018787d1fa78c42f2355f46a0543bcd045a74d5
Opcode Fuzzy Hash: 18ca1be83b99402ea5ad07b0f1fcf638a688ebe9cfb7dd803df3267e2bc3bd03
Instruction Fuzzy Hash: E0816C72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037470 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140080900: GetFullPathNameW.KERNEL32 ref: 0000000140080939
Part of subcall function 0000000140080900: SHFileOperationW.SHELL32 ref: 00000001400809B1

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseFileFullGlobalMessageNameOperationPathPeekUnlock
String ID:
API String ID: 1286959346-0
Opcode ID: b038ea897c25a4f051bfab7e23267f75cabc21236c716f2f934921040b2f0bde
Instruction ID: b6f6a0bfb88d0a245388f0a5da7c782283342b09a55b096d0e410e04d8ca4ffb
Opcode Fuzzy Hash: b038ea897c25a4f051bfab7e23267f75cabc21236c716f2f934921040b2f0bde
Instruction Fuzzy Hash: EC816C72604B4486EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037889 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014007EFF0: CoInitialize.OLE32 ref: 000000014007F0F7
Part of subcall function 000000014007EFF0: CoCreateInstance.OLE32 ref: 000000014007F11B

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseCreateGlobalInitializeInstanceMessagePeekUnlock
String ID:
API String ID: 2299052934-0
Opcode ID: 8c25b7e1abc0f4c099d1000af0f5b9e3a3dcc485513fb672d456c58540d1d3b8
Instruction ID: 92e492c227136f241dd02a264857f166b85da8497d57494a50260c4b0267e714
Opcode Fuzzy Hash: 8c25b7e1abc0f4c099d1000af0f5b9e3a3dcc485513fb672d456c58540d1d3b8
Instruction Fuzzy Hash: 4D816C72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037907 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140056DC0: SendMessageW.USER32(?,0000000140037911), ref: 0000000140056F69

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 1853169715-0
Opcode ID: 9f01fe5d6c3481218d3e0ac2a6b9a981e9ef4af6b637ded38f772d72be2be5e0
Instruction ID: 0b1dc5c025deed94107df23998ae642156be7f290e52b451d0ba96f9ea183c56
Opcode Fuzzy Hash: 9f01fe5d6c3481218d3e0ac2a6b9a981e9ef4af6b637ded38f772d72be2be5e0
Instruction Fuzzy Hash: B8816B72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037983 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140056DC0: SendMessageW.USER32(?,0000000140037911), ref: 0000000140056F69

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 1853169715-0
Opcode ID: d9b51f5bcb8650678d3bbc9622ba952210660c9ecf3de9fee473e083119ed222
Instruction ID: 13cda1ea6a1610234b67071ccc6795cb25708114e0994481928dc02620f3d764
Opcode Fuzzy Hash: d9b51f5bcb8650678d3bbc9622ba952210660c9ecf3de9fee473e083119ed222
Instruction Fuzzy Hash: FD816B72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037992 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140056DC0: SendMessageW.USER32(?,0000000140037911), ref: 0000000140056F69

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendUnlock
String ID:
API String ID: 1853169715-0
Opcode ID: 6b9885e766cbc4fbec65d0e4001c1d971d1884bebb7e9e552bef9cb4cc458a6d
Instruction ID: 24b262b7c5e757596e318cb2ce2bd0ea03273cfb75249cd9490d8e4630a3fbe3
Opcode Fuzzy Hash: 6b9885e766cbc4fbec65d0e4001c1d971d1884bebb7e9e552bef9cb4cc458a6d
Instruction Fuzzy Hash: 4C816B72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035B73 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: eea365b966bffe8abc8054f04d049e70e52231cba2b31a9f1ec20148024f9952
Instruction ID: 633790608702074fe87e49e77becc0582c7e2075ec42d72e934ec89ae9637e73
Opcode Fuzzy Hash: eea365b966bffe8abc8054f04d049e70e52231cba2b31a9f1ec20148024f9952
Instruction Fuzzy Hash: F3816C72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035D55 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Part of subcall function 00000001400150B0: CloseHandle.KERNEL32 ref: 000000014001517E
Part of subcall function 00000001400150B0: CreateMutexW.KERNEL32 ref: 000000014001518F
Part of subcall function 00000001400150B0: GetLastError.KERNEL32 ref: 0000000140015198
Part of subcall function 00000001400150B0: GetWindowThreadProcessId.USER32 ref: 0000000140015254

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: eb305d8de367635e09ec69fae9fde1f61d5805db35ee3ab4a9b00006bb49012d
Instruction ID: 183b52035ca2c78f944451fa93fcdd27079d4133cd190f465d1bd376e29b2827
Opcode Fuzzy Hash: eb305d8de367635e09ec69fae9fde1f61d5805db35ee3ab4a9b00006bb49012d
Instruction Fuzzy Hash: 05816C72600B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A476F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035D79 Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Part of subcall function 00000001400150B0: CloseHandle.KERNEL32 ref: 000000014001517E
Part of subcall function 00000001400150B0: CreateMutexW.KERNEL32 ref: 000000014001518F
Part of subcall function 00000001400150B0: GetLastError.KERNEL32 ref: 0000000140015198
Part of subcall function 00000001400150B0: GetWindowThreadProcessId.USER32 ref: 0000000140015254

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: d114997a3acb784b9a4e6b4b6715b25e2016dbd4064ba393d54109c696946d78
Instruction ID: 846f2de042565f22a961275a1047af09ae9c864ffc1ef69e51a9b6f70f6a6821
Opcode Fuzzy Hash: d114997a3acb784b9a4e6b4b6715b25e2016dbd4064ba393d54109c696946d78
Instruction Fuzzy Hash: 81816D72600B4086EB6B9B2BE8947EA77A1F74DBD4F544116FB6A476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FDA Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 072eb73b48229afd6b3efc7d8fd71b8490474625ed7a070fa68c19fa05141b01
Instruction ID: ac85c554914c20b8e6482e7abe274a3e175ac4d3d2f0791aaec8376a8d6531b7
Opcode Fuzzy Hash: 072eb73b48229afd6b3efc7d8fd71b8490474625ed7a070fa68c19fa05141b01
Instruction Fuzzy Hash: DF818072604B4086EB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400382F8 Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fbc591181ef8008df52e8b2197cea14468b7d6fc745f17c03f80a7f07e1ddd8a
Instruction ID: 526c6c3405836014ea07bf83fdced8213f1e014747997a6eed3fbbcac3890a66
Opcode Fuzzy Hash: fbc591181ef8008df52e8b2197cea14468b7d6fc745f17c03f80a7f07e1ddd8a
Instruction Fuzzy Hash: CC818E72600B4086EB6B9B2BE8543EA77A1F74DBD4F544116FBAA476F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003650B Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c2ad0f3a19c3d927a7251a49deb2fc48f44d40573aab2cd8a34c9edfcba412cb
Instruction ID: 8940c8c914bc1266335fdf9f2ff752a8bdf32b682ee9586d1e6742985ad1801a
Opcode Fuzzy Hash: c2ad0f3a19c3d927a7251a49deb2fc48f44d40573aab2cd8a34c9edfcba412cb
Instruction Fuzzy Hash: 8C817C72604B4086EB6B9B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037D2D Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400474C0: PostMessageW.USER32 ref: 0000000140047549

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekPostUnlock
String ID:
API String ID: 2416748954-0
Opcode ID: b1f4042bc06d1ce25de4bac59a000307290d547cce12a69d8de5ed69418eed69
Instruction ID: de3cf16d6b9c5ff825aae6414e3e83942e15f74b9589fe71d36ecfc67b86743c
Opcode Fuzzy Hash: b1f4042bc06d1ce25de4bac59a000307290d547cce12a69d8de5ed69418eed69
Instruction Fuzzy Hash: 7C816C72604B408AEB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C481C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038464 Relevance: 9.2, APIs: 6, Instructions: 167windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 6281f897c96e89e2748424dbcab3d0e7f4613b07a766a7c5c243fd45f6db02e0
Instruction ID: 6da776e0b8e9f5dedaff9e53c5ac6739cc0d3ef7ba4db5049642c37faba1931e
Opcode Fuzzy Hash: 6281f897c96e89e2748424dbcab3d0e7f4613b07a766a7c5c243fd45f6db02e0
Instruction Fuzzy Hash: D1816C72600B4086EB6B9B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FAE Relevance: 9.2, APIs: 6, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c1149da52b118afaa8911e9ba2b1929180481827b6bcd8f10f6e8b1b304f8c9a
Instruction ID: 2c721987df4b8e2c71acf83414b536ceb081f84ec87041b69e04dafaa180d3d8
Opcode Fuzzy Hash: c1149da52b118afaa8911e9ba2b1929180481827b6bcd8f10f6e8b1b304f8c9a
Instruction Fuzzy Hash: 9F817F72600B4086EB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FBE Relevance: 9.2, APIs: 6, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 0f5d3859fb041b2571e13f6b545e445dc048f7211db0f5306287d37e16a8d096
Instruction ID: 3709e1b723f8e9390a3cd6944e6dc22dae7aab82ee49525444301f0720e8aea6
Opcode Fuzzy Hash: 0f5d3859fb041b2571e13f6b545e445dc048f7211db0f5306287d37e16a8d096
Instruction Fuzzy Hash: C0817F72604B4086EB6B8B27E8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FC7 Relevance: 9.2, APIs: 6, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 2b0a542d08595dbeab4fa155e43e70a374fb8a7ed9c3d4df94513e84c67a96b7
Instruction ID: f07a39f9bf5e3dfac4b80a58fd9e7226b2c1d4a578de5d4f215d57cee7460be6
Opcode Fuzzy Hash: 2b0a542d08595dbeab4fa155e43e70a374fb8a7ed9c3d4df94513e84c67a96b7
Instruction Fuzzy Hash: 7A817E72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400383CF Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 570fc201bd0773cc8d1eacf1edfa00e8357c6c6ead5a27cc92cc5b3273b2b3aa
Instruction ID: 3b8af9a61a74395145176a4120e1df11df08d458f2a80d59919908fe28c65a81
Opcode Fuzzy Hash: 570fc201bd0773cc8d1eacf1edfa00e8357c6c6ead5a27cc92cc5b3273b2b3aa
Instruction Fuzzy Hash: 0C816D72600B408AEB6B8B27E8543EA77A1F74DBD4F544116FB6A476F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003840A Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 082f7760417b26d09c9271be974fc9150a31892be1e9315aa2e39eb5c4cf02b8
Instruction ID: 29312dc96cf4475be0dfd2eb41d1aec4176fd1a523807ae1f7aacd7534773bc9
Opcode Fuzzy Hash: 082f7760417b26d09c9271be974fc9150a31892be1e9315aa2e39eb5c4cf02b8
Instruction Fuzzy Hash: F5817E72604B4086EB6B8B2BE8543EA77A1F74DBD4F544116FB6A476F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FA1 Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f431079513b2a80e76b91737a3febb34cc286eb84957f4d36b7410681c3a908e
Instruction ID: 5a460d75574545a97b3ec84261e8996b14ea6679192842fec22b255b1cb826d3
Opcode Fuzzy Hash: f431079513b2a80e76b91737a3febb34cc286eb84957f4d36b7410681c3a908e
Instruction Fuzzy Hash: EF817E72600B4086EB6B9B27E8543EA77A1F74DBD4F544116FB6A476F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400339AD Relevance: 9.2, APIs: 6, Instructions: 158windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140032391
CloseClipboard.USER32 ref: 000000014003239E
GetTickCount.KERNEL32 ref: 00000001400323B1
PeekMessageW.USER32 ref: 00000001400323E5
GetTickCount.KERNEL32 ref: 00000001400323F9
GetTickCount.KERNEL32 ref: 00000001400324C7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fdc77adc24e593422c06876d2da7aedec346a7ceeef46c1b39c5275527db9568
Instruction ID: 6f9e275d7c015680c372f837190083c837c65582415cd008dd0566f97d70eec3
Opcode Fuzzy Hash: fdc77adc24e593422c06876d2da7aedec346a7ceeef46c1b39c5275527db9568
Instruction Fuzzy Hash: A7716E72600A4086EB6B9B2BF8543EA77A1F74DBD4F544116FB6A876F9CB38C581C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140081130 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

RemoveDirectoryW.KERNEL32 ref: 000000014008113B
GetFullPathNameW.KERNEL32 ref: 0000000140081170
GetFileAttributesW.KERNELBASE ref: 00000001400811A0
SHFileOperationW.SHELL32 ref: 00000001400811FE

Strings

\, xrefs: 000000014008118E

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: File$AttributesDirectoryFullNameOperationPathRemove
String ID: \
API String ID: 934956312-2967466578
Opcode ID: 950fbe2a09131c7ca975ea6498cc95a59f1bdbb82ece9913bce5ead5d533609e
Instruction ID: 5c27279721191db8c6a327e71d2fd58c43be18ea7396a26832fa7eb944a088b9
Opcode Fuzzy Hash: 950fbe2a09131c7ca975ea6498cc95a59f1bdbb82ece9913bce5ead5d533609e
Instruction Fuzzy Hash: 68214136508B8482EB618F21F4843EEB3A5FB897A0F544315F7A8939E8DB7CC559CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140064C20 Relevance: 7.6, APIs: 5, Instructions: 94COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE ref: 0000000140064C4E
SetLastError.KERNEL32 ref: 0000000140064C60
CreateDirectoryW.KERNELBASE ref: 0000000140064D28
SetLastError.KERNEL32 ref: 0000000140064D43

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ErrorLast$AttributesCreateDirectoryFile
String ID:
API String ID: 635176117-0
Opcode ID: 3b11c64c2a0ff170e8e443d5f25b3503de84dea4b71e7e136c459b1e7fb6f5ae
Instruction ID: 26da94180b46e575fe681ee260f3b64afadda3062d6142fa6401042ae41f61d3
Opcode Fuzzy Hash: 3b11c64c2a0ff170e8e443d5f25b3503de84dea4b71e7e136c459b1e7fb6f5ae
Instruction Fuzzy Hash: C031653270265085EB569F27A8043ED6291EB8DBF5F1D8730BF6E477E4DA34C5868300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056781 Relevance: 7.5, APIs: 5, Instructions: 44timeclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 000000014005679A
CloseClipboard.USER32 ref: 00000001400567A7
GetCurrentProcessId.KERNEL32 ref: 00000001400567BB
EnumWindows.USER32 ref: 00000001400567D6
SetTimer.USER32 ref: 000000014005681C

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ClipboardCloseCurrentEnumGlobalProcessTimerUnlockWindows
String ID:
API String ID: 555064778-0
Opcode ID: d7e7000f7fa71b31ec12e4a71064e0cb0c189cabd957c8c5d92ba8092aa76622
Instruction ID: 01047a206442631c623d9fc8afa58638c66f59f0f7286b1fd80b421b1d7a3f5d
Opcode Fuzzy Hash: d7e7000f7fa71b31ec12e4a71064e0cb0c189cabd957c8c5d92ba8092aa76622
Instruction Fuzzy Hash: 6F213435204A8684EB56CF62F8403E973A6FB8CBD0F488426EF5A57338DE38C496C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E5A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112comCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A07F0: malloc.LIBCMT ref: 00000001400A083C

OleInitializeWOW.OLE32 ref: 000000014001E827

Strings

No tray mem, xrefs: 000000014001E802
Tray, xrefs: 000000014001E7E4

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Initializemalloc
String ID: No tray mem$Tray
API String ID: 88790506-3325046031
Opcode ID: 167b986c87a6eb74588f89e7d28eae0a4be65e4b0971b05b1d9752b3d69d51a0
Instruction ID: 8d564fe35c182dac0da390cce78c3ff29066b8a0d6f2ac66f5dbdf69229c0886
Opcode Fuzzy Hash: 167b986c87a6eb74588f89e7d28eae0a4be65e4b0971b05b1d9752b3d69d51a0
Instruction Fuzzy Hash: B6715670114B9195F70ACF56BC853C937E8B74DBA0F980229D7A88B779DF3881A5C782

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F590 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014001F641
Shell_NotifyIconW.SHELL32 ref: 000000014001F658

Strings

AutoHotkey, xrefs: 000000014001F626

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: IconNotifyShell_wcsncpy
String ID: AutoHotkey
API String ID: 1496823222-348589305
Opcode ID: 075b5b3920936fa44a9e075d04a30048c37492d5eb5f9a2142387f54d84d8c31
Instruction ID: 4301b8857f7c4c4964ba37c08bdae3cf2d9fa6469e76957ea886a5a6690bee5e
Opcode Fuzzy Hash: 075b5b3920936fa44a9e075d04a30048c37492d5eb5f9a2142387f54d84d8c31
Instruction Fuzzy Hash: FB2147B2305B8196EB4ECF22E588799B3A0F748BC0F444129EB6C477A4DF78E5A18700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001ED50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,0000000140005651), ref: 000000014001ED75

Strings

Out of memory., xrefs: 000000014001EE70, 000000014001EF53

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: FileModuleName
String ID: Out of memory.
API String ID: 514040917-4087320997
Opcode ID: 71be8166a3eeb69e981d0dcf70a75407598f219585711e7dc8d66219c816f172
Instruction ID: a9d98e9732b2ba2ae1f5a7423cfb59b4d8c9666029569ffa1c12c0b705826e15
Opcode Fuzzy Hash: 71be8166a3eeb69e981d0dcf70a75407598f219585711e7dc8d66219c816f172
Instruction Fuzzy Hash: A6516F32205BC191EA72DB25A4403DE6391FB8C7D8F540625BB9D4BAE9EF78C645C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A9DC0 Relevance: 3.1, APIs: 2, Instructions: 106COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00000001400A9DF6
GetCPInfo.KERNEL32 ref: 00000001400A9EAB

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 34c8befe1a11d83a5b3b82f47ead34f6fae6d65b2cf58ffa0610502deb994a26
Instruction ID: f4681161839535ae7d438d46ae7b6f6548b7c604f713a3be3c44e761f14c89cf
Opcode Fuzzy Hash: 34c8befe1a11d83a5b3b82f47ead34f6fae6d65b2cf58ffa0610502deb994a26
Instruction Fuzzy Hash: 1A418C72700B4085EB66CF6AE44439977A1E769BD8F588325EB45477FACB38C881CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400566F5 Relevance: 3.1, APIs: 2, Instructions: 51windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005658A
SendMessageTimeoutW.USER32 ref: 0000000140056604
PostMessageW.USER32 ref: 0000000140056635
PostMessageW.USER32 ref: 0000000140056687
SendMessageTimeoutW.USER32 ref: 00000001400566BC
PostMessageW.USER32 ref: 000000014005674D

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Message$Post$SendTimeout$ProcWindow
String ID:
API String ID: 2617672042-0
Opcode ID: 7432dd97336e0ca5e2a9eb91291e145e923e69082e59b47daa1fb105893e3626
Instruction ID: 73b1888842463c5b28837fbf2b81dd9e0adbb29e1a5f7d4ffb7f8bd42a9d17ff
Opcode Fuzzy Hash: 7432dd97336e0ca5e2a9eb91291e145e923e69082e59b47daa1fb105893e3626
Instruction Fuzzy Hash: E211CE35314A8085EBB6CB3794157EA17A1E74DBD8F544826EF4A177B8EA3AC852C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140055FD2 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON

Download Yara Rule

APIs

SetFocus.USER32 ref: 0000000140055FE6
DefWindowProcW.USER32 ref: 000000014005658A

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: FocusProcWindow
String ID:
API String ID: 1691694861-0
Opcode ID: 225bcab6973eb43834ba56c0190f3af4fb52684eb590f06f8402701f701049ea
Instruction ID: dfc9ebec978cd219508c488e5498c733141f996883f141c2a8e9d2eb54b12dec
Opcode Fuzzy Hash: 225bcab6973eb43834ba56c0190f3af4fb52684eb590f06f8402701f701049ea
Instruction Fuzzy Hash: 1AF0C936350A84C5D6A6CB13A8087DA6366F74CBE4F445852DE4957778DE38C446C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140055FF3 Relevance: 1.5, APIs: 1, Instructions: 28windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005658A
SendMessageTimeoutW.USER32 ref: 0000000140056604
PostMessageW.USER32 ref: 0000000140056635
PostMessageW.USER32 ref: 0000000140056687
SendMessageTimeoutW.USER32 ref: 00000001400566BC

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Message$PostSendTimeout$ProcWindow
String ID:
API String ID: 2241355032-0
Opcode ID: ca085d233332e62cce712bdc81b40038db763beb2bcba65b5c17e6152b583c23
Instruction ID: a8ade55ef9d0d06bbdfb74d52d087e952efc8e738a2308589ca3a72f5bc3c959
Opcode Fuzzy Hash: ca085d233332e62cce712bdc81b40038db763beb2bcba65b5c17e6152b583c23
Instruction Fuzzy Hash: 3DF08231744B8085EABBDB23A5003EA1365F74DBD0F444062EF45577B8EE39C886C301

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056020 Relevance: 1.5, APIs: 1, Instructions: 27windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005658A
SendMessageTimeoutW.USER32 ref: 0000000140056604
PostMessageW.USER32 ref: 0000000140056635
PostMessageW.USER32 ref: 0000000140056687
SendMessageTimeoutW.USER32 ref: 00000001400566BC

Part of subcall function 00000001400A2460: DrawIconEx.USER32 ref: 00000001400A2508

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Message$PostSendTimeout$DrawIconProcWindow
String ID:
API String ID: 2027319081-0
Opcode ID: 93840f57cddc85ad156b664afd2d61262233e55f4fb7935b86afe9d337ed8b53
Instruction ID: d115730de8c3497aae408bb222240737d8e4c787f739fd3b653b9da28ce79877
Opcode Fuzzy Hash: 93840f57cddc85ad156b664afd2d61262233e55f4fb7935b86afe9d337ed8b53
Instruction Fuzzy Hash: D6F08C31744B8085EABBDB23A5003EA2365F74DBD4F4840A2EF45577B8EE39C882C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140055F9F Relevance: 1.5, APIs: 1, Instructions: 27windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005658A
SendMessageTimeoutW.USER32 ref: 0000000140056604
PostMessageW.USER32 ref: 0000000140056635
PostMessageW.USER32 ref: 0000000140056687
SendMessageTimeoutW.USER32 ref: 00000001400566BC

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Message$PostSendTimeout$ProcWindow
String ID:
API String ID: 2241355032-0
Opcode ID: e75be4071268f8953f4334042f8e2ae559fb982ed43dda6f635891db74cf67b2
Instruction ID: a7ab1dfd4c82ef0bbedd9820215de5bdd93caecb321ade0ea5c7e4f115c627fb
Opcode Fuzzy Hash: e75be4071268f8953f4334042f8e2ae559fb982ed43dda6f635891db74cf67b2
Instruction Fuzzy Hash: CAF08236310A80D4E7A7CB33A8087D66361F74DBE4F844952EF59577B8EA35C446C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140055F4B Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014005658A

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 391c6090fe30daed53fa4ce6abced81021ce495aa6095ed17598a2b6c9ad0304
Instruction ID: ee0a50554e3a07e7c65452d425a741d61aec6aebf179a15b4fe4db57ecd21421
Opcode Fuzzy Hash: 391c6090fe30daed53fa4ce6abced81021ce495aa6095ed17598a2b6c9ad0304
Instruction Fuzzy Hash: 0BF0A936320A85C5E6A2CB22E4087DA2322F74CBE8F848852DF4813738DA34C44AC700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056829 Relevance: 1.5, APIs: 1, Instructions: 21windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004F00: GetTickCount.KERNEL32 ref: 0000000140004F38

PostMessageW.USER32 ref: 0000000140056842

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountMessagePostTick
String ID:
API String ID: 1233319983-0
Opcode ID: b83716a63eb8a871c1bfd25f7a3492fa9dec91893b3568fd43223b62b72cff8b
Instruction ID: 587e7bd50d9b9bf28bb34e4fa6077e1959e1091cb3dc814ceeae66323947b0fb
Opcode Fuzzy Hash: b83716a63eb8a871c1bfd25f7a3492fa9dec91893b3568fd43223b62b72cff8b
Instruction Fuzzy Hash: 06E08636314A81D8D7A2CB23A4053DE9315F74CBD0F584462EF8953769EE39C847C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A9B10 Relevance: 1.3, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000001400A9B2B

Part of subcall function 00000001400C98F4: _FF_MSGBANNER.LIBCMT ref: 00000001400C9924
Part of subcall function 00000001400C98F4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CEC94,?,?,00000000,00000001400CE54D,?,?,?,00000001400CE5F7,?,?,00000000,00000001400CD9E5), ref: 00000001400C9949
Part of subcall function 00000001400C98F4: _callnewh.LIBCMT ref: 00000001400C9962
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C996D
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C9978

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _errno$AllocateHeap_callnewhmalloc
String ID:
API String ID: 2243056865-0
Opcode ID: 7d383da78186c7f4575701015122d799cf6232100614cf6a718615fad900e78c
Instruction ID: 163a3bb145c1bda163164001befe0f179b58c58930136479e51ad4d3e2facb67
Opcode Fuzzy Hash: 7d383da78186c7f4575701015122d799cf6232100614cf6a718615fad900e78c
Instruction Fuzzy Hash: ADF08132B1464486EF95CF6AF0843AC63E2E798B98F185025EB0A47399DF34C8D1CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A96E0 Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CAFB0: malloc.LIBCMT ref: 00000001400CAFCA

malloc.LIBCMT ref: 00000001400A9705

Part of subcall function 00000001400C98F4: _FF_MSGBANNER.LIBCMT ref: 00000001400C9924
Part of subcall function 00000001400C98F4: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CEC94,?,?,00000000,00000001400CE54D,?,?,?,00000001400CE5F7,?,?,00000000,00000001400CD9E5), ref: 00000001400C9949
Part of subcall function 00000001400C98F4: _callnewh.LIBCMT ref: 00000001400C9962
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C996D
Part of subcall function 00000001400C98F4: _errno.LIBCMT ref: 00000001400C9978

Part of subcall function 00000001400CA388: HeapFree.KERNEL32(?,?,00000000,00000001400CDAB0,?,?,00000000,00000001400CDAD3,?,?,?,00000001400C96DB,?,?,00000000,00000001400CF68F), ref: 00000001400CA3A6
Part of subcall function 00000001400CA388: _errno.LIBCMT ref: 00000001400CA3B0
Part of subcall function 00000001400CA388: GetLastError.KERNEL32(?,?,00000000,00000001400CDAB0,?,?,00000000,00000001400CDAD3,?,?,?,00000001400C96DB,?,?,00000000,00000001400CF68F), ref: 00000001400CA3B8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _errno$Heapmalloc$AllocateErrorFreeLast_callnewh
String ID:
API String ID: 2348730211-0
Opcode ID: 8bad3631f4926a19309b75f3824eced68846a3d98a3f1c59ee676ae69bc5aff7
Instruction ID: 7479429d75caca40d42044a962ba47e47f89eb35b2a8162d976cc363e75d9b69
Opcode Fuzzy Hash: 8bad3631f4926a19309b75f3824eced68846a3d98a3f1c59ee676ae69bc5aff7
Instruction Fuzzy Hash: 0DF0123171574041EB4F9FA2A4553E521A4A75DB84F081138BF590B395EF7C85D18750

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0000000140094040 Relevance: 169.9, APIs: 30, Strings: 66, Instructions: 1851COMMON

Download Yara Rule

Strings

Check3, xrefs: 0000000140094AAA
Disabled, xrefs: 0000000140094465
HScroll, xrefs: 0000000140094359
Center, xrefs: 000000014009547D
Left, xrefs: 00000001400956BF
Gray, xrefs: 00000001400941AD
Multi, xrefs: 0000000140094B5D
VScroll, xrefs: 0000000140094328
List, xrefs: 00000001400947CC
Trans, xrefs: 0000000140094685
Group, xrefs: 0000000140094416, 00000001400946BB
Desc, xrefs: 0000000140094EC0
AltSubmit, xrefs: 0000000140094163
Sort, xrefs: 0000000140094E79
Number, xrefs: 0000000140094C8A
WantTab, xrefs: 0000000140094C05
NoSort, xrefs: 000000014009484B
Bottom, xrefs: 00000001400953F6
Horz, xrefs: 0000000140094EF4
TickInterval, xrefs: 0000000140094F8F
Report, xrefs: 00000001400947AC
Password, xrefs: 0000000140094D5C
Invalid option., xrefs: 0000000140096292
Unregistered window class., xrefs: 0000000140095471
Checked, xrefs: 0000000140094190
Smooth, xrefs: 000000014009537F
Default, xrefs: 0000000140094A7E
Icon, xrefs: 000000014009474B
Background, xrefs: 00000001400945E0
WantCtrlA, xrefs: 0000000140094C2E
Class, xrefs: 000000014009542A
Vertical, xrefs: 000000014009525B
Wrap, xrefs: 0000000140094558
Small, xrefs: 000000014009476B
ToolTip, xrefs: 00000001400950DB
Grid, xrefs: 00000001400948A0
NoTicks, xrefs: 0000000140094F5D
Theme, xrefs: 00000001400946D2
Lowercase, xrefs: 0000000140094CB2
Range, xrefs: 00000001400952A3
Tile, xrefs: 00000001400947EC
Line, xrefs: 0000000140094FEB
ReadOnly, xrefs: 0000000140094ACF
Thick, xrefs: 000000014009509D
Section, xrefs: 0000000140094140
Tabstop, xrefs: 00000001400943CD
Count, xrefs: 00000001400948CC
Border, xrefs: 00000001400942F7
Page, xrefs: 0000000140095062
Hdr, xrefs: 0000000140094817, 0000000140094868
Buddy, xrefs: 000000014009518B
Uppercase, xrefs: 0000000140094D01
Invert, xrefs: 0000000140094F2C
NoTab, xrefs: 00000001400943F1
Choose, xrefs: 0000000140094235
Hwnd, xrefs: 00000001400946FE
Hidden, xrefs: 00000001400944DD
ImageList, xrefs: 0000000140094A41
WantF2, xrefs: 0000000140094C61
Simple, xrefs: 0000000140094E54
WantReturn, xrefs: 0000000140094BCD
Buttons, xrefs: 00000001400953A4
None, xrefs: 00000001400942B0
Limit, xrefs: 0000000140094DFE
Redraw, xrefs: 000000014009443E
Right, xrefs: 000000014009556D

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID:
String ID: AltSubmit$Background$Border$Bottom$Buddy$Buttons$Center$Check3$Checked$Choose$Class$Count$Default$Desc$Disabled$Gray$Grid$Group$HScroll$Hdr$Hidden$Horz$Hwnd$Icon$ImageList$Invalid option.$Invert$Left$Limit$Line$List$Lowercase$Multi$NoSort$NoTab$NoTicks$None$Number$Page$Password$Range$ReadOnly$Redraw$Report$Right$Section$Simple$Small$Smooth$Sort$Tabstop$Theme$Thick$TickInterval$Tile$ToolTip$Trans$Unregistered window class.$Uppercase$VScroll$Vertical$WantCtrlA$WantF2$WantReturn$WantTab$Wrap
API String ID: 0-806622952
Opcode ID: 9c0853f314653a71c16fd78cf42cb9c6634710ce3fc8e6089bbde66d51037bc0
Instruction ID: a70cef46a5d8823b9ad49777c05fef0cda66a725adcb39bce665a13eaccaaf30
Opcode Fuzzy Hash: 9c0853f314653a71c16fd78cf42cb9c6634710ce3fc8e6089bbde66d51037bc0
Instruction Fuzzy Hash: D303CC7220528085FBA6DB379158BFD2AA0AB4D7C4F958016FF52472F6EB78CA85D301

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400150B0 Relevance: 83.0, APIs: 41, Strings: 6, Instructions: 755threadkeyboardlibraryCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 000000014001517E
CreateMutexW.KERNEL32 ref: 000000014001518F
GetLastError.KERNEL32 ref: 0000000140015198
CloseHandle.KERNEL32 ref: 00000001400151BB
GetWindowThreadProcessId.USER32 ref: 0000000140015254
AttachThreadInput.USER32 ref: 000000014001528F
GetKeyboardLayout.USER32 ref: 00000001400153F5

Part of subcall function 00000001400C9AC4: _errno.LIBCMT ref: 00000001400C9AE2
Part of subcall function 00000001400C9AC4: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C9AED

GetTickCount.KERNEL32 ref: 00000001400152AF
GetCurrentThreadId.KERNEL32 ref: 00000001400152F0
GetAsyncKeyState.USER32 ref: 0000000140015325
GetAsyncKeyState.USER32 ref: 0000000140015335
GetForegroundWindow.USER32 ref: 000000014001539F
GetWindowThreadProcessId.USER32 ref: 00000001400153AF
GetGUIThreadInfo.USER32 ref: 00000001400153CA
GetWindowThreadProcessId.USER32 ref: 00000001400153E2
GetProcAddress.KERNEL32 ref: 0000000140015460
FreeLibrary.KERNEL32 ref: 000000014001547D
GetTickCount.KERNEL32 ref: 00000001400154D4
BlockInput.USER32 ref: 000000014001564D
GetTickCount.KERNEL32 ref: 000000014001568F
PeekMessageW.USER32 ref: 00000001400156BA
GetTickCount.KERNEL32 ref: 00000001400156E1

Strings

{Click, xrefs: 00000001400151D7
AHK Keybd, xrefs: 0000000140015184
KbdLayerDescriptor, xrefs: 0000000140015456
{Text}, xrefs: 0000000140015127
{Blind}, xrefs: 00000001400150FE
^+!#{}, xrefs: 00000001400156F8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Thread$CountTickWindow$Process$AsyncCloseHandleInputState$AddressAttachBlockCreateCurrentErrorForegroundFreeInfoKeyboardLastLayoutLibraryMessageMutexPeekProc_errno_invalid_parameter_noinfo
String ID: AHK Keybd$KbdLayerDescriptor$^+!#{}${Blind}${Click${Text}
API String ID: 4276635616-2714328142
Opcode ID: 02ed67d2469a4e8c73e79b75f289567356a61125a4aac9cdfedc9d1ad9404344
Instruction ID: 78a61c578ddf63c94f2f327055b1cd77146f88a506e7f979645740c686ed92c3
Opcode Fuzzy Hash: 02ed67d2469a4e8c73e79b75f289567356a61125a4aac9cdfedc9d1ad9404344
Instruction Fuzzy Hash: C872FE312046808AFB6B9B37A8543E93BA2E74DBC9F088119FB550F6F5DB7AC845D710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400970DF Relevance: 54.7, APIs: 30, Strings: 1, Instructions: 411windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C9AC4: _errno.LIBCMT ref: 00000001400C9AE2
Part of subcall function 00000001400C9AC4: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C9AED

ShowWindow.USER32 ref: 00000001400973AC
IsIconic.USER32 ref: 00000001400973FE
GetParent.USER32 ref: 000000014009745A
GetWindowLongW.USER32 ref: 000000014009746F
GetWindowRect.USER32 ref: 0000000140097483
MapWindowPoints.USER32 ref: 0000000140097499

Strings

AutoSize, xrefs: 00000001400970DF

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$IconicLongParentPointsRectShow_errno_invalid_parameter_noinfo
String ID: AutoSize
API String ID: 3524692820-3273791893
Opcode ID: b4e4c80dccc2a4922672325c60072669c323f7c33dbe14c70343fab915200aa3
Instruction ID: 0bbf14fba76946e1ff8c93423ead14cae42458c2d04b1db945de5ee5c426cb03
Opcode Fuzzy Hash: b4e4c80dccc2a4922672325c60072669c323f7c33dbe14c70343fab915200aa3
Instruction Fuzzy Hash: 80129B33B006408BFB6A8B7AC544BED37A1F74CB88F048115EF1A53AA4DB78D9A5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400970D5 Relevance: 45.4, APIs: 30, Instructions: 404windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 00000001400973AC
IsIconic.USER32 ref: 00000001400973FE
GetParent.USER32 ref: 000000014009745A
GetWindowLongW.USER32 ref: 000000014009746F
GetWindowRect.USER32 ref: 0000000140097483
MapWindowPoints.USER32 ref: 0000000140097499
GetWindowLongW.USER32 ref: 000000014009751D

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$Long$IconicParentPointsRectShow
String ID:
API String ID: 3713045906-0
Opcode ID: a60eb514f73574fe41525f6e7ba17ab2ba171b2741972dab2ad8be9ca517f571
Instruction ID: 532c410e5f9e23d1b21be3d92f6b2f384e5e70da3a5ea83f0a83d17082e70dd5
Opcode Fuzzy Hash: a60eb514f73574fe41525f6e7ba17ab2ba171b2741972dab2ad8be9ca517f571
Instruction Fuzzy Hash: 42128B33B006418BFB6A8B7AC544BED77A2F74CB88F048115EF1A53AA4DB74D9A5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D20A4 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 465COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00000001400D20FA
_errno.LIBCMT ref: 00000001400D2101
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D210C

Strings

U, xrefs: 00000001400D2688

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: c0cd2dd0e2a445d843c4b24d5c1eb4c7a2cc0d013df596e675f1e90c99302d18
Instruction ID: 5cac9642e0d1360211bd6057fa48c3d934f2a187db6386d722f5efcc0377ee89
Opcode Fuzzy Hash: c0cd2dd0e2a445d843c4b24d5c1eb4c7a2cc0d013df596e675f1e90c99302d18
Instruction Fuzzy Hash: DD12C33220464586FB228F26E4443EEA7A1FBACBC4F554116FF9A476B4DB3DC546CB20

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007E060 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 230networkfilewindowCOMMON

Download Yara Rule

APIs

_wcstoi64.LIBCMT ref: 000000014007E0C4
InternetOpenW.WININET ref: 000000014007E139
InternetOpenUrlW.WININET ref: 000000014007E15C
InternetCloseHandle.WININET ref: 000000014007E16D
InternetCloseHandle.WININET ref: 000000014007E1BC
InternetCloseHandle.WININET ref: 000000014007E1C5
InternetReadFile.WININET ref: 000000014007E236
GetTickCount.KERNEL32 ref: 000000014007E25D
PeekMessageW.USER32 ref: 000000014007E28A
GetTickCount.KERNEL32 ref: 000000014007E2A1
InternetReadFile.WININET ref: 000000014007E2D9
InternetReadFileExA.WININET ref: 000000014007E2FD
GetTickCount.KERNEL32 ref: 000000014007E31B
PeekMessageW.USER32 ref: 000000014007E348
GetTickCount.KERNEL32 ref: 000000014007E35F
InternetReadFileExA.WININET ref: 000000014007E398
InternetCloseHandle.WININET ref: 000000014007E3AB
InternetCloseHandle.WININET ref: 000000014007E3B4
fclose.LIBCMT ref: 000000014007E3BD
DeleteFileW.KERNEL32 ref: 000000014007E3C9

Strings

8, xrefs: 000000014007E1D4
*, xrefs: 000000014007E0A5
AutoHotkey, xrefs: 000000014007E123

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Internet$CloseFileHandle$CountReadTick$MessageOpenPeek$Delete_wcstoi64fclose
String ID: *$8$AutoHotkey
API String ID: 338787218-1845633735
Opcode ID: 2924c1834e94852ee28bee52b8edd575c8a94f46ffda28f4fcaf0560c3071db4
Instruction ID: 688ff2ad57feb3cea66746958768dd33b706df81357d3a9dfb49618d48106a0e
Opcode Fuzzy Hash: 2924c1834e94852ee28bee52b8edd575c8a94f46ffda28f4fcaf0560c3071db4
Instruction Fuzzy Hash: 06A17F3220168186E7669B67E8547ED73A2FB8DBD4F948021FF4947AA5DF3CC586C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B20D0 Relevance: 32.2, APIs: 16, Strings: 2, Instructions: 703windowtimememoryCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32 ref: 00000001400B216A
GetWindowThreadProcessId.USER32 ref: 00000001400B218A
OpenProcess.KERNEL32(?,?,?,00000000,?,?,000000014004D57E), ref: 00000001400B219D
VirtualAllocEx.KERNEL32(?,?,?,00000000,?,?,000000014004D57E), ref: 00000001400B21C9
CloseHandle.KERNEL32(?,?,?,00000000,?,?,000000014004D57E), ref: 00000001400B21DF
GetTickCount.KERNEL32 ref: 00000001400B222B
SendMessageTimeoutW.USER32 ref: 00000001400B226B
SendMessageTimeoutW.USER32 ref: 00000001400B22C2
ReadProcessMemory.KERNEL32(?,?,?,00000000,?,?,000000014004D57E), ref: 00000001400B22F6
IsWindow.USER32 ref: 00000001400B2326
GetTickCount.KERNEL32 ref: 00000001400B2338
VirtualFreeEx.KERNEL32(?,?,?,00000000,?,?,000000014004D57E), ref: 00000001400B2BDA
CloseHandle.KERNEL32(?,?,?,00000000,?,?,000000014004D57E), ref: 00000001400B2BE3

Strings

Out of memory., xrefs: 00000001400B25F0, 00000001400B290B, 00000001400B2C1B
Memory limit reached (see #MaxMem in the help file)., xrefs: 00000001400B23D8, 00000001400B26ED, 00000001400B29C2

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: MessageProcessSendTimeout$CloseCountHandleTickVirtualWindow$AllocFreeMemoryOpenReadThread
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2761252263-457448710
Opcode ID: 8e2d3c244104d37e48c8a17b046af73bf27c2f9668867f9173b02d44f557f928
Instruction ID: db6ed67f50dd487d21aea3384e8d083f21c8d6d298fe59c762eb2d05725ae690
Opcode Fuzzy Hash: 8e2d3c244104d37e48c8a17b046af73bf27c2f9668867f9173b02d44f557f928
Instruction Fuzzy Hash: E862CC72204E8486EA679FA3E5143EA63B1FB4C7D4F444612EB9E17AB5EF78C495C300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007EFF0 Relevance: 29.3, APIs: 9, Strings: 7, Instructions: 1251comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 000000014007F0F7
CoCreateInstance.OLE32 ref: 000000014007F11B
malloc.LIBCMT ref: 000000014007F6EE
malloc.LIBCMT ref: 000000014007FA1F
malloc.LIBCMT ref: 000000014007FCB8
malloc.LIBCMT ref: 000000014007FFE7
CoUninitialize.OLE32 ref: 0000000140080340

Strings

, xrefs: 000000014007FF06
, xrefs: 000000014007F609
Out of memory., xrefs: 000000014007F4C2, 000000014007F801, 000000014007FA97, 000000014007FD94, 000000014008006E, 000000014008037B
, xrefs: 000000014007FBD4
, xrefs: 000000014007F93F
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014007F25E, 000000014007F540, 000000014007F87D, 000000014007FB12, 000000014007FE0E, 000000014008012C
, xrefs: 00000001400801E7

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: malloc$CreateInitializeInstanceUninitialize
String ID: $ $ $ $ $Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 1394887808-3083028912
Opcode ID: d0fdb1249d6e40f85268c43500ed9294abec3170a4242f36e0486dd330022261
Instruction ID: 63b2f1cd4fab8468095727c92ae0e7f8a9c26e5d3b3316968bcdd9b9542d9b67
Opcode Fuzzy Hash: d0fdb1249d6e40f85268c43500ed9294abec3170a4242f36e0486dd330022261
Instruction Fuzzy Hash: 00C2DC32304B8482FB638B26D0487FA63A2FB5D7D8F554212EB5A176F5DB78C585E301

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007B090 Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 402windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400678C0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,0000000140048892), ref: 00000001400678F3
Part of subcall function 00000001400678C0: IsWindowVisible.USER32 ref: 0000000140067914

Part of subcall function 00000001400C986C: _errno.LIBCMT ref: 00000001400C9884
Part of subcall function 00000001400C986C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C988F

GetSystemMenu.USER32 ref: 000000014007B16C
GetMenu.USER32 ref: 000000014007B182
GetMenuItemCount.USER32 ref: 000000014007B197
GetMenuItemID.USER32 ref: 000000014007B235
GetSubMenu.USER32 ref: 000000014007B247
GetMenuItemCount.USER32 ref: 000000014007B253
GetMenuItemID.USER32 ref: 000000014007B395
GetSubMenu.USER32 ref: 000000014007B3A7
GetMenuItemCount.USER32 ref: 000000014007B3B3
PostMessageW.USER32 ref: 000000014007B3FC
malloc.LIBCMT ref: 000000014007B63C

Part of subcall function 00000001400CA390: HeapFree.KERNEL32(?,?,00000000,00000001400CDAB0,?,?,00000000,00000001400CDAD3,?,?,?,00000001400C96DB,?,?,00000000,00000001400CF68F), ref: 00000001400CA3A6
Part of subcall function 00000001400CA390: _errno.LIBCMT ref: 00000001400CA3B0
Part of subcall function 00000001400CA390: GetLastError.KERNEL32(?,?,00000000,00000001400CDAB0,?,?,00000000,00000001400CDAD3,?,?,?,00000001400C96DB,?,?,00000000,00000001400CF68F), ref: 00000001400CA3B8

Strings

Out of memory., xrefs: 000000014007B6B1
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014007B487

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Menu$Item$Count$Window_errno$ErrorForegroundFreeHeapLastMessagePostSystemVisible_invalid_parameter_noinfomalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 956903013-457448710
Opcode ID: 66b6c605174590c948f45c3afc713edf4f8239c7afb8314684db160b83b7aec6
Instruction ID: 39bdea7388e691cd618ec09c44664cf99d8ce3cef4532830f8afb7b260e3beb1
Opcode Fuzzy Hash: 66b6c605174590c948f45c3afc713edf4f8239c7afb8314684db160b83b7aec6
Instruction Fuzzy Hash: 59F1CE32204B8496EB669B27E4403EA63A1FB4CBD4F548621EB9A57BF5DF3CC4918350

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400910BB Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 151windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 00000001400910F2
GetDC.USER32 ref: 0000000140091184
SelectObject.GDI32 ref: 00000001400911AE
GetTextMetricsW.GDI32 ref: 00000001400911C6
MulDiv.KERNEL32 ref: 00000001400911DC
GetSystemMetrics.USER32 ref: 00000001400911FA
IsWindowVisible.USER32 ref: 000000014009127B
IsIconic.USER32 ref: 0000000140091289
GetPropW.USER32 ref: 00000001400912C5

Strings

ahk_dlg, xrefs: 00000001400912BB

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Metrics$IconicObjectPropSelectSystemTextVisibleWindow
String ID: ahk_dlg
API String ID: 4281603998-2093416220
Opcode ID: 388a6b952f8d86f91f324a756bdb61d6ce2715b891f2c80b9376e876d4d949d1
Instruction ID: 1b6c3d50cbcc00bfff6018689a18d044e4ef112e6d21768b55e253493bca898d
Opcode Fuzzy Hash: 388a6b952f8d86f91f324a756bdb61d6ce2715b891f2c80b9376e876d4d949d1
Instruction Fuzzy Hash: C5619E367006808AF7569B76D8547EC27B2FB8DB98F148119EB0A97BA8DF34C955C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400910AD Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 145windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 000000014009112F
GetDC.USER32 ref: 0000000140091184
SelectObject.GDI32 ref: 00000001400911AE
GetTextMetricsW.GDI32 ref: 00000001400911C6
MulDiv.KERNEL32 ref: 00000001400911DC
GetSystemMetrics.USER32 ref: 00000001400911FA
IsWindowVisible.USER32 ref: 000000014009127B
IsIconic.USER32 ref: 0000000140091289
GetPropW.USER32 ref: 00000001400912C5

Strings

ahk_dlg, xrefs: 00000001400912BB

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Metrics$IconicObjectPropSelectSystemTextVisibleWindow
String ID: ahk_dlg
API String ID: 4281603998-2093416220
Opcode ID: 694cb15707eb2123105ebc48a55c18ff1b8391afd9d0431ea6d260a8c2472e6f
Instruction ID: 343015a6360ccf85803fafab88b0745f1c2c77316236fe982791e8918d461631
Opcode Fuzzy Hash: 694cb15707eb2123105ebc48a55c18ff1b8391afd9d0431ea6d260a8c2472e6f
Instruction Fuzzy Hash: 54617C36B006808AE756DB76D8947EC3772FB8DB98F148119EB0A977A8DF34C5558700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400910A5 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 134windowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 0000000140091184
SelectObject.GDI32 ref: 00000001400911AE
GetTextMetricsW.GDI32 ref: 00000001400911C6
MulDiv.KERNEL32 ref: 00000001400911DC
GetSystemMetrics.USER32 ref: 00000001400911FA
IsWindowVisible.USER32 ref: 000000014009127B
IsIconic.USER32 ref: 0000000140091289
GetPropW.USER32 ref: 00000001400912C5
MapWindowPoints.USER32 ref: 00000001400912F7
GetWindowLongW.USER32 ref: 0000000140091311
SendMessageW.USER32 ref: 000000014009132B

Strings

ahk_dlg, xrefs: 00000001400912BB

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$Metrics$IconicLongMessageObjectPointsPropSelectSendSystemTextVisible
String ID: ahk_dlg
API String ID: 662570815-2093416220
Opcode ID: cd1ed712ea032a59148400ab419acb7851f52d08a955457f67b7bf9a6543041e
Instruction ID: 30b4280ea2257720b23cf8c651bcb625b041018c274567c46f05af2a4ea4e1c0
Opcode Fuzzy Hash: cd1ed712ea032a59148400ab419acb7851f52d08a955457f67b7bf9a6543041e
Instruction Fuzzy Hash: 95519C36B006808AE752DB76D8947EC37B2FB8DB98F148119EB0A97BA8DF34C555C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009109D Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 133windowCOMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 0000000140091184
SelectObject.GDI32 ref: 00000001400911AE
GetTextMetricsW.GDI32 ref: 00000001400911C6
MulDiv.KERNEL32 ref: 00000001400911DC
GetSystemMetrics.USER32 ref: 00000001400911FA
IsWindowVisible.USER32 ref: 000000014009127B
IsIconic.USER32 ref: 0000000140091289
GetPropW.USER32 ref: 00000001400912C5
MapWindowPoints.USER32 ref: 00000001400912F7
GetWindowLongW.USER32 ref: 0000000140091311
SendMessageW.USER32 ref: 000000014009132B

Strings

ahk_dlg, xrefs: 00000001400912BB

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$Metrics$IconicLongMessageObjectPointsPropSelectSendSystemTextVisible
String ID: ahk_dlg
API String ID: 662570815-2093416220
Opcode ID: f3373da5eeb2be26852ea396d4e860bcf17a01722aeed4da9efba06baf3c2491
Instruction ID: 941eea4a58e6f9a932204d737e6069433f77235053d411a0f4d31e1437f5d424
Opcode Fuzzy Hash: f3373da5eeb2be26852ea396d4e860bcf17a01722aeed4da9efba06baf3c2491
Instruction Fuzzy Hash: 84518E36B006808AE756DB76D8947EC37B2F78DB98F148119EB0997BA8DF34C555C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009E020 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 80libraryloaderCOMMON

Download Yara Rule

APIs

CreateDialogIndirectParamW.USER32 ref: 000000014009E074
SetPropW.USER32 ref: 000000014009E08F
DestroyWindow.USER32 ref: 000000014009E09C
LoadLibraryW.KERNEL32 ref: 000000014009E0B8
GetProcAddress.KERNEL32 ref: 000000014009E0D0
FreeLibrary.KERNEL32 ref: 000000014009E0E8
SetWindowLongPtrW.USER32 ref: 000000014009E107
GetWindowLongW.USER32 ref: 000000014009E117
SetWindowLongW.USER32 ref: 000000014009E13E

Strings

ahk_dlg, xrefs: 000000014009E085
uxtheme, xrefs: 000000014009E0B1
EnableThemeDialogTexture, xrefs: 000000014009E0C6

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$Long$Library$AddressCreateDestroyDialogFreeIndirectLoadParamProcProp
String ID: EnableThemeDialogTexture$ahk_dlg$uxtheme
API String ID: 1526099453-393749399
Opcode ID: 3d3b39cafc0a21a4fd9f3266b8a1501c2fa0e5db01f660c007338c104bcd3e42
Instruction ID: b4554619df3248d9d563d9d29817cbe6f4cc27d50b384ac534d0befb032c5b78
Opcode Fuzzy Hash: 3d3b39cafc0a21a4fd9f3266b8a1501c2fa0e5db01f660c007338c104bcd3e42
Instruction Fuzzy Hash: 35313D31211B8085EB129F27E8587AE33A6FB8DBD0F548525EB5D477A4DF79C846C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400BCFF0 Relevance: 17.2, Strings: 13, Instructions: 941COMMON

Download Yara Rule

Strings

NO_START_OPT), xrefs: 00000001400BD1DA
no error, xrefs: 00000001400BDD9F
UCP), xrefs: 00000001400BD17D
$, xrefs: 00000001400BDBE7
CR), xrefs: 00000001400BD22E
Error text not found (please report), xrefs: 00000001400BDDC8
CRLF), xrefs: 00000001400BD2FD
BSR_ANYCRLF), xrefs: 00000001400BD43B
UTF16), xrefs: 00000001400BD11A
ANYCRLF), xrefs: 00000001400BD3CD
ANY), xrefs: 00000001400BD36B
LF), xrefs: 00000001400BD29B
BSR_UNICODE), xrefs: 00000001400BD480

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID:
String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$NO_START_OPT)$UCP)$UTF16)$no error
API String ID: 0-3688278424
Opcode ID: cdbe989fd8f1adf1315b4597bbadee4bc7b0d518324d0eb2e3774e1c19b2ab4b
Instruction ID: 997b5a540507012843bd2fcd4e70456e351b2b707638b24b8e62efd58ac8284b
Opcode Fuzzy Hash: cdbe989fd8f1adf1315b4597bbadee4bc7b0d518324d0eb2e3774e1c19b2ab4b
Instruction Fuzzy Hash: C6829B72614F908AE726CFA6D4403EEB7B4F758798F504126FB8987BA4EB38D944C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CE090 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 159fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_set_error_mode.LIBCMT ref: 00000001400CE0D5
_set_error_mode.LIBCMT ref: 00000001400CE0E6
GetModuleFileNameW.KERNEL32 ref: 00000001400CE148

Part of subcall function 00000001400CDED0: GetCurrentProcess.KERNEL32(?,?,?,?,00000001400CDF72), ref: 00000001400CDEE8

GetStdHandle.KERNEL32 ref: 00000001400CE25D
WriteFile.KERNEL32 ref: 00000001400CE2BA

Strings

..., xrefs: 00000001400CE19A
Runtime Error!Program: , xrefs: 00000001400CE115
<program name unknown>, xrefs: 00000001400CE157
Microsoft Visual C++ Runtime Library, xrefs: 00000001400CE201

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: File_set_error_mode$CurrentHandleModuleNameProcessWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 2183313154-4022980321
Opcode ID: 5581d4f1006f7f59a48cc31dd52fee1bf7c62befc4307cb66362e97be309267b
Instruction ID: ff798c847dcfd3e41cc53670097425550252e969d1d32bbb85fec9bbe46c83a5
Opcode Fuzzy Hash: 5581d4f1006f7f59a48cc31dd52fee1bf7c62befc4307cb66362e97be309267b
Instruction Fuzzy Hash: 3B51BE3131878082FB6ADB27A8117DE7396FB8DBD0F544526BF4943BA5DF38C6068600

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005D0A0 Relevance: 12.8, APIs: 4, Strings: 3, Instructions: 562COMMON

Download Yara Rule

APIs

_wcstoi64.LIBCMT ref: 000000014005D7D6

Part of subcall function 00000001400B0E60: malloc.LIBCMT ref: 00000001400B0E83

Strings

, xrefs: 000000014005D2C3
Out of memory., xrefs: 000000014005D44A, 000000014005D80E
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014005D1E0, 000000014005D4D9

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _wcstoi64malloc
String ID: $Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 4111414685-1193006554
Opcode ID: 6921d2ac176e67964dd7940825ff1be71b65bfef5117f5cc6cc67cd1bf16a1f5
Instruction ID: dc4a5fbb56ba3fad57ec6328a1702734d500521029dd61360cef89497a70b615
Opcode Fuzzy Hash: 6921d2ac176e67964dd7940825ff1be71b65bfef5117f5cc6cc67cd1bf16a1f5
Instruction Fuzzy Hash: D1329B72604B8086EB76DB26D5143E973A2F74CBD8F544213EB5A177F9DA3AC886C340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004E07B Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 217COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 000000014004E0B1
OpenProcess.KERNEL32 ref: 000000014004E0C7
SetPriorityClass.KERNEL32 ref: 000000014004E0DA
CloseHandle.KERNEL32 ref: 000000014004E0E5

Part of subcall function 0000000140081B30: CreateToolhelp32Snapshot.KERNEL32 ref: 0000000140081B4D
Part of subcall function 0000000140081B30: Process32FirstW.KERNEL32 ref: 0000000140081B5E
Part of subcall function 0000000140081B30: Process32NextW.KERNEL32 ref: 0000000140081C8D

malloc.LIBCMT ref: 000000014004E2C8

Strings

Out of memory., xrefs: 000000014004E7ED
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014004E5E6

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ProcessProcess32$ClassCloseCreateCurrentFirstHandleNextOpenPrioritySnapshotToolhelp32malloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2654119868-457448710
Opcode ID: 7f7f67783e046d24459ae325446d264f02b5fb75057d9c053b0fc468008b1c5b
Instruction ID: 5f74867d58a48ebe5041723945bbf8e534444e9ba551feab0c8959c0492cc0c3
Opcode Fuzzy Hash: 7f7f67783e046d24459ae325446d264f02b5fb75057d9c053b0fc468008b1c5b
Instruction Fuzzy Hash: FD91D072304B8086FB638B27D6143ED6396BB5D7D8F4A4532FB1A0B6F5EA78C4418348

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140010070 Relevance: 9.5, APIs: 1, Strings: 5, Instructions: 464COMMON

Download Yara Rule

Strings

Max hotkeys., xrefs: 000000014001024A
The AltTab hotkey "%s" must specify which key (L or R)., xrefs: 000000014001036D
Out of memory., xrefs: 000000014001020E
The AltTab hotkey "%s" must have exactly one modifier/prefix., xrefs: 0000000140010492
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140010164

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID:
String ID: Max hotkeys.$Memory limit reached (see #MaxMem in the help file).$Out of memory.$The AltTab hotkey "%s" must have exactly one modifier/prefix.$The AltTab hotkey "%s" must specify which key (L or R).
API String ID: 0-3864134736
Opcode ID: 816e9869e3d7c710272f99d2fba30b9fc35daa2e2b0dc593368268c7f5f19107
Instruction ID: 0f2ba2f35babb6e35fbc1149bba8974d81404a9330d6bc132b6322c87452410e
Opcode Fuzzy Hash: 816e9869e3d7c710272f99d2fba30b9fc35daa2e2b0dc593368268c7f5f19107
Instruction Fuzzy Hash: 9612D1726086B092FB679B2790143EA27A1F74D7D4F448616FBD90B6F5CBBAC891C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140082030 Relevance: 7.6, APIs: 5, Instructions: 125comCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32 ref: 0000000140082079
CLSIDFromString.OLE32 ref: 00000001400820D6
CLSIDFromString.OLE32 ref: 00000001400820FA
CoCreateInstance.OLE32 ref: 0000000140082125
CoCreateInstance.OLE32 ref: 0000000140082169

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: From$CreateInstanceString$Prog
String ID:
API String ID: 3834119650-0
Opcode ID: e9c398f4b58003f7443d3e2bf6561f5cb0e3352f38afacd7018d328c99e1f774
Instruction ID: ac5922112baad4ed4681dd4dc485ef7d4405daea380aee3ae217490425c84e23
Opcode Fuzzy Hash: e9c398f4b58003f7443d3e2bf6561f5cb0e3352f38afacd7018d328c99e1f774
Instruction Fuzzy Hash: D9516937215B4582EB669F27E4187ED73A1FB88BC4F548019EB49077AAEF79C644CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018050 Relevance: 3.1, APIs: 2, Instructions: 140keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32 ref: 0000000140018141
BlockInput.USER32 ref: 00000001400182A4

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 2e2619190b5dce62074c304cdaf6cf6b7f754726ce2496bc6dcbbeeb17e02182
Instruction ID: 8db56e4b293fc16af5ea9314173d5609e07fcdbc4b0be01c6743b93214b248b8
Opcode Fuzzy Hash: 2e2619190b5dce62074c304cdaf6cf6b7f754726ce2496bc6dcbbeeb17e02182
Instruction Fuzzy Hash: 3A618F715086C08AE7BB8B27B8847EA7BA1B35DBD4F040115EF950B7B5D63ECA45CB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004604B Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

0, xrefs: 0000000140046219

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _wcstoi64
String ID: 0
API String ID: 1512447906-4108050209
Opcode ID: 4ff8b4a688f08073bd11c93d969739cf3ab671742a555c03bb25c48ccd950a40
Instruction ID: 1541da35cc747ad598c25ec8b4a13abea5abb3cf6d8859bc023e50ea464ababb
Opcode Fuzzy Hash: 4ff8b4a688f08073bd11c93d969739cf3ab671742a555c03bb25c48ccd950a40
Instruction Fuzzy Hash: CEA19F76A0455141FBBB2A3B91113FE2191EB6D7C5F8A8036FF82531F5FA748882990F

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400BB0E0 Relevance: .6, Instructions: 584COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b755e3c87153a68fc1b1ff6373c1595d19dfb8b3c42b8bd0ba14be5e6421088c
Instruction ID: 2d2f3ecea6f8a63f2237614f8041273b31989ec03800b21762bd14bb9e2c3deb
Opcode Fuzzy Hash: b755e3c87153a68fc1b1ff6373c1595d19dfb8b3c42b8bd0ba14be5e6421088c
Instruction Fuzzy Hash: C1329C36B10A91CBE7218FAA94407ED37B1F348BD8F614126EF5997BA8DB74C941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400920ED Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 239windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 0000000140092185
SendMessageW.USER32 ref: 00000001400921B2
SendMessageW.USER32 ref: 00000001400921D9
SendMessageW.USER32 ref: 0000000140092239
SendMessageW.USER32 ref: 0000000140092258
SendMessageW.USER32 ref: 0000000140092280
SendMessageW.USER32 ref: 00000001400922B6
SendMessageW.USER32 ref: 00000001400922E4
SendMessageW.USER32 ref: 0000000140092318
GetDC.USER32 ref: 0000000140092390
SelectObject.GDI32 ref: 00000001400923BA
GetTextMetricsW.GDI32 ref: 00000001400923D7
MoveWindow.USER32 ref: 0000000140092446
SelectObject.GDI32 ref: 0000000140092B9C
ReleaseDC.USER32 ref: 0000000140092BAD

Strings

Can't create control., xrefs: 0000000140092BC0
SysMonthCal32, xrefs: 000000014009217A

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: MessageSend$ObjectSelectWindow$CreateMetricsMoveReleaseText
String ID: Can't create control.$SysMonthCal32
API String ID: 882432197-3692857110
Opcode ID: 6b2314eceff9eed1d9d37746a94222c8e698c6e1e89d2c21c26601dd850b8478
Instruction ID: 9daf20a8eb0b430d085b12a06023c23bcd2f89e50cbce29571762156b99b8000
Opcode Fuzzy Hash: 6b2314eceff9eed1d9d37746a94222c8e698c6e1e89d2c21c26601dd850b8478
Instruction Fuzzy Hash: D6C14A367007808AEB62CF26E9407DD33A1F78C798F148116EF499BBA8DB34D991CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400440E2 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C9AC4: _errno.LIBCMT ref: 00000001400C9AE2
Part of subcall function 00000001400C9AC4: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C9AED

MulDiv.KERNEL32 ref: 000000014004412C
CreateDCW.GDI32 ref: 00000001400441E7
GetDeviceCaps.GDI32 ref: 00000001400441F8
GetStockObject.GDI32 ref: 0000000140044206
SelectObject.GDI32 ref: 0000000140044215
GetTextFaceW.GDI32 ref: 000000014004422E
GetTextMetricsW.GDI32 ref: 000000014004423E

Strings

DISPLAY, xrefs: 00000001400441D8
Hide, xrefs: 00000001400440E2

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ObjectText$CapsCreateDeviceFaceMetricsSelectStock_errno_invalid_parameter_noinfo
String ID: DISPLAY$Hide
API String ID: 2877261776-1671811882
Opcode ID: 0f449452ca249aad3ac27d9fb622ae29698c30e4f1e9548a9f5e996f8a46743b
Instruction ID: 18e6cabf330ffeb8f1893f4d937456af86b80d2a8ceb73fdaf2dc2446ca45b1e
Opcode Fuzzy Hash: 0f449452ca249aad3ac27d9fb622ae29698c30e4f1e9548a9f5e996f8a46743b
Instruction Fuzzy Hash: F9419E35600741CAEB6A8F62E4503ED37A1F75DB88F918029EF4A47BB8DB79C881C754

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004EFF2 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 000000014004F012
SetLastError.KERNEL32 ref: 000000014004F06C
SetWindowLongW.USER32 ref: 000000014004F07B
GetLastError.KERNEL32 ref: 000000014004F085
GetWindowLongW.USER32 ref: 000000014004F095
SetWindowPos.USER32 ref: 000000014004F0BC
InvalidateRect.USER32 ref: 000000014004F0CA

Strings

+-^, xrefs: 000000014004F01B
7, xrefs: 000000014004F0A1

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Window$Long$ErrorLast$InvalidateRect
String ID: +-^$7
API String ID: 189950902-219994616
Opcode ID: 64b95e1410672d16fa78a0b5d8848199f3c403b7a6a22032e512b73db9f44ec5
Instruction ID: 67370371f2549f1f11f17ea194c75cb28901b8187bf69e12c89a08b6ea4c8d1c
Opcode Fuzzy Hash: 64b95e1410672d16fa78a0b5d8848199f3c403b7a6a22032e512b73db9f44ec5
Instruction Fuzzy Hash: FE31F23130064082F6769B27A8403FE6291BBCCBD8F598535FF0A872B6DF7CD482A604

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D7090 Relevance: 15.1, APIs: 10, Instructions: 123COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D70D7
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D70E3
_errno.LIBCMT ref: 00000001400D712D
_errno.LIBCMT ref: 00000001400D7138
_errno.LIBCMT ref: 00000001400D716A
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D7174
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001400D7263), ref: 00000001400D71E6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001400D7263), ref: 00000001400D7203
_errno.LIBCMT ref: 00000001400D7229
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D7235

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
String ID:
API String ID: 2295021086-0
Opcode ID: 569ddca6b35fd994ed6ef3b9bf852d5c89e6ea019961a0f45e743062bd4552c7
Instruction ID: 443a1a4cf19aaa4f0f629d9003c6968925001c0d4b9549c986225ecc5cce6747
Opcode Fuzzy Hash: 569ddca6b35fd994ed6ef3b9bf852d5c89e6ea019961a0f45e743062bd4552c7
Instruction Fuzzy Hash: 3E51B4726017418AFB679F66C4407EC36A1AF4C7E8F548225FB5D07AFAEB3884438721

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009D000 Relevance: 15.1, APIs: 10, Instructions: 96windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014009D028
SendMessageW.USER32 ref: 000000014009D040
SendMessageW.USER32 ref: 000000014009D08E
SendMessageW.USER32 ref: 000000014009D0A5
SendMessageW.USER32 ref: 000000014009D0C1
SendMessageW.USER32 ref: 000000014009D0DD
SendMessageW.USER32 ref: 000000014009D0F9
SendMessageW.USER32 ref: 000000014009D116
SendMessageW.USER32 ref: 000000014009D136
SendMessageW.USER32 ref: 000000014009D153

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: f993015a46956e3bc97ef4dd5510cb2dd11d1168c91ee112a1f33e74e4bc7202
Instruction ID: 5b4ca2d9224777c433b65e8ee3a2dc59392b4ebacb15cca1a8b41f6f92169f04
Opcode Fuzzy Hash: f993015a46956e3bc97ef4dd5510cb2dd11d1168c91ee112a1f33e74e4bc7202
Instruction Fuzzy Hash: 90417576714A4482F7618FA7E651BEE3762E7C9FC4F049026AF0947BA5CE35C4A28350

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044057 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 000000014004409B
CreateDCW.GDI32 ref: 00000001400441E7
GetDeviceCaps.GDI32 ref: 00000001400441F8
GetStockObject.GDI32 ref: 0000000140044206
SelectObject.GDI32 ref: 0000000140044215
GetTextFaceW.GDI32 ref: 000000014004422E
GetTextMetricsW.GDI32 ref: 000000014004423E
GetIconInfo.USER32 ref: 0000000140044327
GetObjectW.GDI32 ref: 000000014004434E
DeleteObject.GDI32 ref: 0000000140044427
DeleteObject.GDI32 ref: 0000000140044431
MulDiv.KERNEL32 ref: 0000000140044450
SetRect.USER32 ref: 000000014004448B
MulDiv.KERNEL32 ref: 00000001400444BB

Strings

DISPLAY, xrefs: 00000001400441D8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Object$DeleteText$CapsCreateDeviceFaceIconInfoMetricsRectSelectStock
String ID: DISPLAY
API String ID: 2624006087-865373369
Opcode ID: 98d53c2107eed14f1135ddcebc93b13cde2dac229000c0c206295ecfac3ee376
Instruction ID: c46a05f7cc267419aa90a7256705b903e130f1f8972fa2c423152d34b92fe768
Opcode Fuzzy Hash: 98d53c2107eed14f1135ddcebc93b13cde2dac229000c0c206295ecfac3ee376
Instruction Fuzzy Hash: AD51BF367407418AFB2A8F62D4503ED37A1E79DB88F518129EF4647BB8DB38C481CB44

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009AFF0 Relevance: 13.7, APIs: 9, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3559077afc91f2687e6953eaae759b7b6464039682bc56406f54fb7b85149da
Instruction ID: a78af958f985def3df44dbd53db0d2877ce6f727ba5e73d292cf3a03a32be679
Opcode Fuzzy Hash: b3559077afc91f2687e6953eaae759b7b6464039682bc56406f54fb7b85149da
Instruction Fuzzy Hash: 509101B2610681C6EB2ACB23E514BE933A1FB8DBD4F448521EB8A47BB5CF38C545C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140043FF6 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100windowCOMMON

Download Yara Rule

APIs

CreateDCW.GDI32 ref: 00000001400441E7
GetDeviceCaps.GDI32 ref: 00000001400441F8
GetStockObject.GDI32 ref: 0000000140044206
SelectObject.GDI32 ref: 0000000140044215
GetTextFaceW.GDI32 ref: 000000014004422E
GetTextMetricsW.GDI32 ref: 000000014004423E
GetIconInfo.USER32 ref: 0000000140044327
GetObjectW.GDI32 ref: 000000014004434E
DeleteObject.GDI32 ref: 0000000140044427
DeleteObject.GDI32 ref: 0000000140044431
MulDiv.KERNEL32 ref: 0000000140044450
SetRect.USER32 ref: 000000014004448B
MulDiv.KERNEL32 ref: 00000001400444BB
CreateFontW.GDI32 ref: 0000000140044537

Strings

DISPLAY, xrefs: 00000001400441D8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Object$CreateDeleteText$CapsDeviceFaceFontIconInfoMetricsRectSelectStock
String ID: DISPLAY
API String ID: 3544818348-865373369
Opcode ID: 39679ee8ed12cd056e9910cae8218503f2001ef782f405bf793b45506097a04f
Instruction ID: 4a051cfcb0eaca6c5c9e16d7b99284bc12f64e95153e5900f6763bbb9fd2f602
Opcode Fuzzy Hash: 39679ee8ed12cd056e9910cae8218503f2001ef782f405bf793b45506097a04f
Instruction Fuzzy Hash: A141C43660174186EB6A9F62D4513ED37E0F79DB88F958029EF49477B8DB38C881C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140044049 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

CreateDCW.GDI32 ref: 00000001400441E7
GetDeviceCaps.GDI32 ref: 00000001400441F8
GetStockObject.GDI32 ref: 0000000140044206
SelectObject.GDI32 ref: 0000000140044215
GetTextFaceW.GDI32 ref: 000000014004422E
GetTextMetricsW.GDI32 ref: 000000014004423E
GetIconInfo.USER32 ref: 0000000140044327
GetObjectW.GDI32 ref: 000000014004434E
DeleteObject.GDI32 ref: 0000000140044427
DeleteObject.GDI32 ref: 0000000140044431
MulDiv.KERNEL32 ref: 0000000140044450
SetRect.USER32 ref: 000000014004448B
MulDiv.KERNEL32 ref: 00000001400444BB
CreateFontW.GDI32 ref: 0000000140044537
MulDiv.KERNEL32 ref: 000000014004455C
CreateFontW.GDI32 ref: 00000001400445C3
SelectObject.GDI32 ref: 00000001400445DE
DrawTextW.USER32 ref: 0000000140044615
MulDiv.KERNEL32 ref: 0000000140044651
CreateFontW.GDI32 ref: 000000014004469D
MulDiv.KERNEL32 ref: 00000001400446C1
CreateFontW.GDI32 ref: 000000014004470F
SelectObject.GDI32 ref: 000000014004476A
DrawTextW.USER32 ref: 000000014004479D
SelectObject.GDI32 ref: 00000001400447BE
DeleteDC.GDI32 ref: 00000001400447C7

Strings

DISPLAY, xrefs: 00000001400441D8

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Object$Create$FontSelectText$Delete$Draw$CapsDeviceFaceIconInfoMetricsRectStock
String ID: DISPLAY
API String ID: 287169048-865373369
Opcode ID: a4ebd444dbf5a892b5084ce7ae9dc2efbef0ff1468b7879e59a9d907abcd4d97
Instruction ID: 3b4c815120308d3a35270738515f55e0e2b521e4c275e7864e76d7e05d711a06
Opcode Fuzzy Hash: a4ebd444dbf5a892b5084ce7ae9dc2efbef0ff1468b7879e59a9d907abcd4d97
Instruction Fuzzy Hash: 5E31A136601741CAEB6A8F62E4507ED37A1F75DB88F918028EF4603BB8DB78C881C744

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CEFE8 Relevance: 10.7, APIs: 7, Instructions: 184COMMON

Download Yara Rule

APIs

GetStartupInfoW.KERNEL32 ref: 00000001400CF009

Part of subcall function 00000001400CECE4: Sleep.KERNEL32(?,?,00000000,00000001400CDA77,?,?,00000000,00000001400CDAD3,?,?,?,00000001400C96DB,?,?,00000000,00000001400CF68F), ref: 00000001400CED29

GetFileType.KERNEL32 ref: 00000001400CF174
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00000001400CF1B2

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountCriticalFileInfoInitializeSectionSleepSpinStartupType
String ID:
API String ID: 3473179607-0
Opcode ID: 780561d2c27848dcd39b9dbc2a2636a36aabcad9cb61658c5acb17392329911c
Instruction ID: 1d1be620e2b4c97c3ddc68b89bc1110c7da95542d38aaf378495fea7d8e46fbc
Opcode Fuzzy Hash: 780561d2c27848dcd39b9dbc2a2636a36aabcad9cb61658c5acb17392329911c
Instruction Fuzzy Hash: F8817C72204B8586EB1ACF26D8847A937A1F74CBB4F588325EB7A472F5EB38C455D301

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D4010 Relevance: 10.6, APIs: 7, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00000001400D4033
_errno.LIBCMT ref: 00000001400D403B

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 96f3c619d4730691ea0ab39e746b07c26a9c82994b5e2e28ec79f301d66cb599
Instruction ID: 61810cb3606c2d959b1fad13ee93cd39b502097a8d7ef20277c545dd3fbbb35e
Opcode Fuzzy Hash: 96f3c619d4730691ea0ab39e746b07c26a9c82994b5e2e28ec79f301d66cb599
Instruction Fuzzy Hash: F421CF3221465446E71B6F2798913EE7961AB8CBF1F494729BF390B3F2CB7884438721

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003D0E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 281COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 000000014003D15E
wcsncpy.LIBCMT ref: 000000014003D1C8
wcsncpy.LIBCMT ref: 000000014003D1E5

Strings

Out of memory., xrefs: 000000014003D172

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: wcsncpy$malloc
String ID: Out of memory.
API String ID: 3893603446-4087320997
Opcode ID: b042ff4820e0682f67c073ad6f3c1d0de4b209f643d301f0a11639aac15e746f
Instruction ID: 14198d351710c859554830b83d1b07749f2ee7e081375022db9045073fd24bd5
Opcode Fuzzy Hash: b042ff4820e0682f67c073ad6f3c1d0de4b209f643d301f0a11639aac15e746f
Instruction Fuzzy Hash: F8C1AF7260069185EB679F26E4003EA33E1FB5DBD8F498512FB59876E5EB78CA81C301

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140053037 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 244COMMON

Download Yara Rule

APIs

EnumDisplayMonitors.USER32 ref: 0000000140053053

Strings

Out of memory., xrefs: 000000014005335D
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140053113

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: DisplayEnumMonitors
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2950131505-457448710
Opcode ID: 995783026674245a5d85e6fbe2f4a6a02867981b2ede4f6a1239627f0557edf9
Instruction ID: 5ec8ecba5ccaee74e7f2f36ab51f39b8b621e8c05e63d2cd12d947db5b864784
Opcode Fuzzy Hash: 995783026674245a5d85e6fbe2f4a6a02867981b2ede4f6a1239627f0557edf9
Instruction Fuzzy Hash: 22910E32704B4485FB63CB66E5153E96361A74DBE8F984222EF1D176E9DF39C886C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140085040 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000000014008505C
GetProcAddress.KERNEL32 ref: 0000000140085071

Strings

atl, xrefs: 0000000140085055
AtlAxGetControl, xrefs: 0000000140085067

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: AtlAxGetControl$atl
API String ID: 1646373207-1501572552
Opcode ID: 9fb0064a145477a89debcc0b8e928a7afc2a78d4d2fa918632ad5cf76324deda
Instruction ID: a8bfa4c716bb2a7a3371df640928aa57c2b607b6b3af5ccf09651717095a4522
Opcode Fuzzy Hash: 9fb0064a145477a89debcc0b8e928a7afc2a78d4d2fa918632ad5cf76324deda
Instruction Fuzzy Hash: C2313D72201B0582EF469F6AE85439967A0FB8CBC9F184425EF4E473A4EF3CC585C790

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007C078 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32 ref: 000000014007C0A0
SendMessageTimeoutW.USER32 ref: 000000014007C104

Strings

List, xrefs: 000000014007C0C5
Combo, xrefs: 000000014007C0AA

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ClassMessageNameSendTimeout
String ID: Combo$List
API String ID: 1632441287-1246219895
Opcode ID: fe6dec04dbfcb27015ce7c741fc8c4a9eb790a48653b37d5af99254213ea5a52
Instruction ID: 6b14a30170b4a3499adfbac4450d0fc46c8932112e0d4223927cd8c8cb562b71
Opcode Fuzzy Hash: fe6dec04dbfcb27015ce7c741fc8c4a9eb790a48653b37d5af99254213ea5a52
Instruction Fuzzy Hash: DF319131310A4085FB269B26A450BEA2361E78D7E8F54531AEF2A07BF5DF3DC546C781

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006A0E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32 ref: 000000014006A171
FileTimeToSystemTime.KERNEL32 ref: 000000014006A184
_swprintf.LIBCMT ref: 000000014006A1C8

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 000000014006A1BA

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: Time$File$LocalSystem_swprintf
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 1396123627-4847443
Opcode ID: cea9c1139b640c3ff6f130b677b2a80d750d402cc05b4dcf9db681a2e775cfeb
Instruction ID: 6d2462c4580b39a0513a4a72c03100e2aa848b7e7dae2fae746767d9a354a5ec
Opcode Fuzzy Hash: cea9c1139b640c3ff6f130b677b2a80d750d402cc05b4dcf9db681a2e775cfeb
Instruction Fuzzy Hash: FF31847220868481DB659F16E8503AEB7B2F7CABA0F144216FBAD47BE4DB3CC450DB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017010 Relevance: 6.2, APIs: 4, Instructions: 169COMMON

Download Yara Rule

APIs

UnhookWindowsHookEx.USER32 ref: 000000014001708C
GetTickCount.KERNEL32 ref: 00000001400170E1
GetTickCount.KERNEL32 ref: 000000014001722E

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: CountTick$HookUnhookWindows
String ID:
API String ID: 4100890187-0
Opcode ID: e6d995f663e52b511d71d64dcde1081002d16a26a67de2394373dfde87e44bdc
Instruction ID: 806c98f0e59efbe05f18fcd56d670788d5d5accf6baab1ce4199ddf259e1282c
Opcode Fuzzy Hash: e6d995f663e52b511d71d64dcde1081002d16a26a67de2394373dfde87e44bdc
Instruction Fuzzy Hash: 0E81D271514A908AE75ACF26F4407A977F1F34CB85F148126EB8A4B7B9D73EC882CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400830A0 Relevance: 6.2, APIs: 4, Instructions: 160COMMON

Download Yara Rule

APIs

_wcstoi64.LIBCMT ref: 00000001400831B9
SafeArrayCreate.OLEAUT32 ref: 000000014008323E
SafeArrayDestroy.OLEAUT32 ref: 00000001400832AD

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: ArraySafe$CreateDestroy_wcstoi64
String ID:
API String ID: 2980161006-0
Opcode ID: fa79dfdd818fda1223ebafd32a1d93f201dddf99b116e53d6235f19a055bfeac
Instruction ID: 013caffe27693f741bd030a9c6d5561f79ad45796333acdf2c575bb21932f3b6
Opcode Fuzzy Hash: fa79dfdd818fda1223ebafd32a1d93f201dddf99b116e53d6235f19a055bfeac
Instruction Fuzzy Hash: 66515973605B4186EF6A9F1695143EA77A1F7CCFC4F58A426EB4A077A1DB38CA52C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CC068 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400CC09F
_invalid_parameter_noinfo.LIBCMT ref: 00000001400CC0AA
_flush.LIBCMT ref: 00000001400CC15F
_fileno.LIBCMT ref: 00000001400CC180

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _errno_fileno_flush_invalid_parameter_noinfo
String ID:
API String ID: 329365992-0
Opcode ID: f110fd1979069de755ee0eeb97a4febbd34db1ad4f6975d0825c039cbb75966d
Instruction ID: 6193ee16e510ec1f110b17263a47af7f50984df4acf2b75deac213544fc177cc
Opcode Fuzzy Hash: f110fd1979069de755ee0eeb97a4febbd34db1ad4f6975d0825c039cbb75966d
Instruction Fuzzy Hash: 72412A3132874086FA2E9E27D5547AAB691B74EBD4F2C4224FF56877F7D638C4828600

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140066020 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00000001400660F4
WriteFile.KERNEL32 ref: 0000000140066127
GetLastError.KERNEL32 ref: 0000000140066139
CloseHandle.KERNEL32 ref: 0000000140066152

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastWrite
String ID:
API String ID: 1150274393-0
Opcode ID: 6c291da7dc04bf73cdfc85c294eaece946bf27ead5f565dce4c3447c35db2878
Instruction ID: ecdcb73defcf8d59bb4a4e6cb53c41b62ed6fa20359501fdac7c5f98df77d087
Opcode Fuzzy Hash: 6c291da7dc04bf73cdfc85c294eaece946bf27ead5f565dce4c3447c35db2878
Instruction Fuzzy Hash: AA41037230469082F766DF27A9003EA6291B78DBE4F584229EF6E47BE5DB38C4498700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CC05C Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400CBFAD
_invalid_parameter_noinfo.LIBCMT ref: 00000001400CBFB8
_errno.LIBCMT ref: 00000001400CBFF1
_errno.LIBCMT ref: 00000001400CC004

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: a6134015f8465b33c1a45b495b759b2d226e53d16e56ca6402deac43e627d807
Instruction ID: a7afbb755975d8c9bdae54d1e6862d9b522f0d38b2164309737b1f4c3d3eb9cf
Opcode Fuzzy Hash: a6134015f8465b33c1a45b495b759b2d226e53d16e56ca6402deac43e627d807
Instruction Fuzzy Hash: D021DF3521874582FA1BAB13AC013DFA2A17B4CBD4F148025BF49477B6EF3CC8829B10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400780E0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 229COMMON

Download Yara Rule

APIs

_wcstoi64.LIBCMT ref: 0000000140078321

Strings

0, xrefs: 00000001400781CA

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _wcstoi64
String ID: 0
API String ID: 1512447906-4108050209
Opcode ID: b919a8a227bbd832ff23e623d05075d7aaf48c76ff6371047bfbf187e74a5bb1
Instruction ID: 7977425857ede425d25b9d0f42fb4c7c679c295b364bcfa789275b16eca6ff67
Opcode Fuzzy Hash: b919a8a227bbd832ff23e623d05075d7aaf48c76ff6371047bfbf187e74a5bb1
Instruction Fuzzy Hash: CE818E76A94A1041EBB79B1BA4013FA62D4E758BD5F858522FF98472E5E77CC8C3C304

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140028090 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014002823C

Strings

{, xrefs: 00000001400280F4
This line does not contain a recognized action., xrefs: 0000000140028212

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: wcsncpy
String ID: This line does not contain a recognized action.${
API String ID: 322933527-101845141
Opcode ID: 96e2bdb50d99c289e95d7e86cc5b735fd7cf83b33a56022ef4805bb74e4ca144
Instruction ID: 3d5f31f157523ccd65dd07e6069d956ba6fd8be792831804eadbaea2e05837be
Opcode Fuzzy Hash: 96e2bdb50d99c289e95d7e86cc5b735fd7cf83b33a56022ef4805bb74e4ca144
Instruction Fuzzy Hash: 1441D62971928085E7318F5AE5003AA7261EB5C7D0F54221AFFA9C7BE8E73DCD51C709

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400DE035 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00000001400DE0F9

Strings

csm, xrefs: 00000001400DE05C
csm, xrefs: 00000001400DE0B5

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: _getptd
String ID: csm$csm
API String ID: 3186804695-3733052814
Opcode ID: 7e1f889b508aeba28d83891655026512b41181a10c57c3dd5106c4fa42a59377
Instruction ID: fb50801649d1b73dade7f2fb63442e086847a000bb47dd3fb8850ecfb4f76342
Opcode Fuzzy Hash: 7e1f889b508aeba28d83891655026512b41181a10c57c3dd5106c4fa42a59377
Instruction Fuzzy Hash: B431B0772006448AEB619F26C4803DC3BB5F758BA9F8A1215EB0D0BBA9CB71C8C1C794

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400690B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetSystemDefaultUILanguage.KERNEL32 ref: 00000001400690BE
_swprintf.LIBCMT ref: 00000001400690D2

Part of subcall function 00000001400CA240: _errno.LIBCMT ref: 00000001400CA278
Part of subcall function 00000001400CA240: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CA283

Strings

%04hX, xrefs: 00000001400690C4

Memory Dump Source

Source File: 00000000.00000002.1685021156.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000000.00000002.1685008187.0000000140000000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400DF000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685083031.00000001400F1000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140110000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685117009.0000000140119000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685144559.000000014011D000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685156575.0000000140125000.00000010.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140128000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1685168451.0000000140132000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140000000_Setup.jbxd

Similarity

API ID: DefaultLanguageSystem_errno_invalid_parameter_noinfo_swprintf
String ID: %04hX
API String ID: 4090150443-3571374829
Opcode ID: 44e1746b1bc1057d36d6c9533498aa13510817d948778beb393e8cc75e389ccf
Instruction ID: 9e90dff6b33367a3cbf66256eb095ead16fcbb450e59e5a3cf4c7c932f386092
Opcode Fuzzy Hash: 44e1746b1bc1057d36d6c9533498aa13510817d948778beb393e8cc75e389ccf
Instruction Fuzzy Hash: 2FD022F4B0120042FE2E93D7A8013F402029F0C7C1F480020AF050BAB0DA3C85C94724

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: Setup.exePID: 4852, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: Setup.exePID: 4852, Parent PID: 2580COMMON

Execution Graph

Windows Analysis Report
Setup.exe

Function 000000014001E850 Relevance: 72.1, APIs: 35, Strings: 6, Instructions: 309
windowsleepsynchronizationCOMMON

Function 0000000140055E40 Relevance: 65.2, APIs: 35, Strings: 2, Instructions: 462
registrywindowCOMMON

Function 000000014001EFC0 Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 233
windowregistryCOMMON

Function 0000000140005380 Relevance: 42.4, APIs: 14, Strings: 10, Instructions: 357
sleepwindowCOMMON

Function 000000014000D360 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 150
sleepsynchronizationwindowCOMMON

Function 00000001400AE5E0 Relevance: 19.7, APIs: 13, Instructions: 164
windowlibraryCOMMON

Function 000000014001F7A0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 316
timeCOMMON

Function 0000000140036C9E Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 264
windowclipboardCOMMON

Function 00000001400CCBE4 Relevance: 18.1, APIs: 12, Instructions: 93
COMMON

Function 0000000140037FEC Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 237
windowclipboardCOMMON

Function 00000001400379A1 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 224
windowclipboardCOMMON

Function 0000000140038682 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 233
windowclipboardCOMMON

Function 00000001400360FD Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 181
windowtimeclipboardCOMMON

Function 0000000140080E60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 170
COMMON

Function 0000000140032E71 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 224
windowclipboardCOMMON