Windows Analysis Report
SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe

Overview

General Information

Sample name: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Analysis ID: 1427742
MD5: 87b6fcfdaa0ab94d9cf4b7f3cbbc8b8b
SHA1: 2e3dacf58466b4b7a2c6d52b008f6e1b4c98911a
SHA256: c1874e86e54a70b1917c708826975e45fa5c813f0ec30f6afd4971100ac0e5b7
Tags: exe

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe (PID: 6748 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe" MD5: 87B6FCFDAA0AB94D9CF4B7F3CBBC8B8B)
    • cmd.exe (PID: 6984 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140004620 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140003E88 FindFirstFileW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPEAX@Z,??3@YAXPEAX@Z
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 4x nop then movzx eax, byte ptr [rdx+07h] | 0_2_00000001400170F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 4x nop then movsxd r9, rbp | 0_2_0000000140011620
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 4x nop then movzx eax, byte ptr [rdx] | 0_2_000000014000F6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 4x nop then mov ebp, dword ptr [r13+00h] | 0_2_000000014000E740
Source: EasyVBO.exe.0.dr | String found in binary or memory: PATH@https://twitter.com/home?status=Zhttps://www.facebook.com/sharer/sharer.php?u=hhttps://www.linkedin.com/shareArticle?mini=true&url=Dhttps://plus.google.com/share?url=VB equals www.facebook.com (Facebook)
Source: EasyVBO.exe.0.dr | String found in binary or memory: PATH@https://twitter.com/home?status=Zhttps://www.facebook.com/sharer/sharer.php?u=hhttps://www.linkedin.com/shareArticle?mini=true&url=Dhttps://plus.google.com/share?url=VB equals www.linkedin.com (Linkedin)
Source: EasyVBO.exe.0.dr | String found in binary or memory: PATH@https://twitter.com/home?status=Zhttps://www.facebook.com/sharer/sharer.php?u=hhttps://www.linkedin.com/shareArticle?mini=true&url=Dhttps://plus.google.com/share?url=VB equals www.twitter.com (Twitter)
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: EasyVBO.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CE000.00000004.00000020.00020000.00000000.sdmp, EasyVBO.exe.0.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: EasyVBO.exe.0.dr | String found in binary or memory: http://www.easyas.co.zaBYour
Source: EasyVBO.exe.0.dr | String found in binary or memory: https://www.easyas.co.za/downloads/7zEasyVBO.exef
Source: EasyVBO.exe.0.dr | String found in binary or memory: https://www.google.com/
Source: EasyVBO.exe.0.dr | String found in binary or memory: https://www.winsms.co.za/api/credits.ASP?User=
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014001BE60
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014001AB78
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140007FA4
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140016C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140006C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000DC90
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140022CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000ECB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_00000001400108C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140022940
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000E940
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140014190
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000E1A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140013230
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000DA50
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000F6E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140021B8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140022F94
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140022BB1
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: String function: 0000000140003E6C appears 32 times
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Binary or memory string: OriginalFilename vs SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1689291681.0000000000858000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEasyVBO.exe vs SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000000.1632439150.0000000140031000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename7ZSfxMod_x64.exeD vs SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1681407885.00000000023B0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename7ZSfxMod_x64.exeD vs SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe, 00000000.00000003.1688185626.00000000048CB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEasyVBO.exe vs SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Binary or memory string: OriginalFilename7ZSfxMod_x64.exeD vs SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: classification engine | Classification label: clean6.winEXE@5/2@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000D328 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,??2@YAPEAX_K@Z,lstrcpyW,lstrcpyW,??3@YAXPEAX@Z,LocalFree
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140001240 GetDiskFreeSpaceExW,SendMessageW
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_000000014000CE2C GetDlgItem,SendMessageW,GetDlgItem,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,GetDlgItem,SetWindowLongPtrW,GetSystemMenu,EnableMenuItem,GetDlgItem,SetFocus,SetTimer,CoCreateInstance,GetDlgItem,IsWindow,GetDlgItem,EnableWindow,GetDlgItem,ShowWindow
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Code function: 0_2_0000000140002640 GetModuleHandleW,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7016:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | File created: C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sum(daily.Profit) as TotalPR1 from daily WHERE (CODSale = False or (CODSale = True and CODPAID = True)) and RetailLevel = 1;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT supplierinvoices.date_c, supplierinvoices.SUPPLIER, supplierinvoices.INVNO, supplierinvoices.INVTOTAL, supplierinvoices.UnitCostExcl, supplierinvoices.PLUTOTALExcl, supplierinvoices.USER, supplierinvoices.PLU, supplierinvoices.Barcode, supplierinvoices.DESCRIPTION, supplierinvoices.QTY FROM supplierinvoices WHERE supplierinvoices.INVNO = 'DVBO-frmSupInvLoaded-txtDesc_Change2' and DESCRIPTION like '%N%' order by supplierinvoices.lineorder;&%' AND Supplier = 'T' and InvTotal < 0 and DESCRIPTION like '%&dd-MMM-yyyy : HH:MM:VBO-frmSupInvLoaded-ListItems
Source: EasyVBO.exe.0.dr | Binary or memory string: Select sales.date_c as tDate, Null as lTotal, Sum(sales.QTY) as sTotal from sales where Date_c Between '^' Group by format(sales.date_c, 'dd-MMM-yyyy');
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Sum(daily.PLUTOTAL) AS TOTALACC from daily where RefNum <> '2' AND AccountSale = True;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Rentals.InvNo, Sum(Rentals.VAT) AS TotalVAT, Sum(Rentals.Discount) AS TotalDisc From Rentals where InvNo = 0 GROUP BY Rentals.InvNo;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sum(sales.PLUTOTAL) as TotalR2 from sales WHERE Date_c Between ',' and RetailLevel = 2;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sum(daily.PLUTOTAL) as TotalR1 from daily WHERE (CODSale = False or (CODSale = True and CODPAID = True)) and RetailLevel = 1;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sum(daily.PLUTOTAL) as TotalR2 from daily WHERE (CODSale = False or (CODSale = True and CODPAID = True)) and RetailLevel = 2;
Source: EasyVBO.exe.0.dr | Binary or memory string: Select sales.PLU, Null as lTotal, Sum(sales.QTY) as sTotal from sales where PLU = '*' Group by sales.PLU;@Select * from stock where PLU ='
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT orders.date_c, orders.DATELASTSOLD, orders.LASTRETAIL, orders.NUMBER, orders.PLU, orders.DESCRIPTION, orders.QTY, orders.ORDERED, orders.COSTEX, orders.Supplier, orders.LinkedToOther, stock.PLU, stock.SOH, stock.REORDER from orders,stock WHERE orders.PLU=stock.PLU AND `%' ORDER BY orders.Supplier, orders.Description;
Source: EasyVBO.exe.0.dr | Binary or memory string: Select suppliers.Supplier from suppliers group by suppliers.Supplier order by suppliers.Supplier;0] STOCK SUPPLIERS REPORT
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.plu, sum(sales.PLUTOTAL) as TotalPettyIn from sales where Company = '*' group by sales.plu;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.Selected, sales.PLU, sales.Description, sum(sales.Qty) AS TotalQty, recipes.LinkPLU from sales, recipes where Company = 'DfrmSalesHistory-PrintRecipeItemsPP*' GROUP BY sales.PLU;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT count(1) as RecCount, sales.InvNo from sales Where Date_c Between '.' Group By sales.InvNo;0VBO-mdiMain-ConnectAgain6VBO-mdiMain-cboServer_Click&mdiMain-CheckUpdate
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.category, sum(sales.PLUTOTAL) as TotalSurcharges from sales where Company = '4' group by sales.category;
Source: EasyVBO.exe.0.dr | Binary or memory string: Select sales.date_c, Sum(sales.QTY) as sTotal from sales where PLU = '0' Group by sales.date_c;
Source: EasyVBO.exe.0.dr | Binary or memory string: Select date_format(sales.Date_c, '%m-%Y') as tDate, Sum(sales.PLUTOTAL) as MonthlyTotal, Sum(sales.PROFIT) as Profit from sales where Company = '\' Group by DATE_FORMAT(sales.Date_c, '%m-%Y');&Account sales only?
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.PLU, sales.Description, sum(sales.Qty) AS TotalQty, recipes.LinkPLU from sales, recipes where Company = 'l' and recipes.LinkPLU = sales.PLU and Date_c Between 'n' GROUP BY sales.PLU,sales.DESCRIPTION,recipes.LINKPLU;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT daily.LineOrder, daily.InvNo, Sum(daily.VAT) AS TotalVAT, Sum(daily.Discount) AS TotalDisc from daily where InvNo = t GROUP BY daily.LineOrder, daily.InvNo order by LineOrder;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT daily.CustID, daily.Name, Sum(daily.PLUTotal) AS Total from daily where Company = 'n' and CashedUp = 0 and AccountSale = 1 AND Terminal = 'z' GROUP BY daily.CustID, daily.Name order by daily.Name Desc;2Account Receipts Summary:
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sum(daily.PROFIT) as TotalPR2 from daily WHERE (CODSale = False or (CODSale = True and CODPAID = True)) and RetailLevel = 2;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT SUM(sales.PLUTotalCost) as PLUTOTALCOST from sales where Company = '~SELECT SUM(sales.profit) as PROFIT from sales where Company = '^SELECT sales.InvNo from sales where Company = '0' Group By sales.InvNo;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT -Sum(sales.InvTotal) as TTotal from sales where Company = ',') GROUP BY sales.VAT;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.Invno, sales.InvTotalCost from sales WHERE Date_c Between 'V' Group By sales.InvNo, sales.InvTotalCost;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Sum(sales.Profit) as Profit, Sum(sales.PLUTotal) AS Total from sales where Company = ',' And AccountSale = 1;6Please enter email address:
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.Category, Sum(sales.PLUTotal) AS PLUTotal from sales where Date_c Between '4' GROUP BY sales.Category;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT daily.driver, Sum(daily.CommValue) as Comm from daily where Company = '0' GROUP BY daily.driver;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.InvNo, Sum(sales.VAT) AS TotalVAT, Sum(sales.Discount) AS TotalDisc from sales where InvNo = , GROUP BY sales.InvNo;DSelect * from daily WHERE InvNo =
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.PLU, sales.Description, Sum(sales.QTY) AS Qty, Sum(sales.PLUTotal) As PLUTotal, Sum(sales.Profit) as Profit from sales where Company = 'd' Group by description order by sales.Description;4SALES TOTALS FOR PERIOD :
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT supplierinvoices.date_c, supplierinvoices.InvNo, supplierinvoices.SUPPLIER, supplierinvoices.SUPID, supplierinvoices.INVTOTAL, supplierinvoices.USER From supplierinvoices where Date_c Between 'L' order by supplierinvoices.lineorder;\select * from supplierinvoices where InvNo = '$' and Supplier = 'NWould you like to print barcode labels?(mnuPrintSupInv_ClickF' and supplierinvoices.Supplier = '(' ORDER BY LineOrder6] SUPPLIER INVOICE LOADED:
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Sum(daily.PROFIT) AS PROFIT from daily WHERE (CODSale = False or (CODSale = True and CODPAID = True)) and PLU <> '"' AND REFNUM <> '4' And AccountSale = False;lblTotalCashuplblSurchargeslblDiscountslblBasketmnuUser2lblPaymentslblToBanklblTotalNoVAT
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT users.PicCode, users.UserName, users.UserType, users.FullName from users GROUP BY users.PicCode, users.UserName, users.UserType, users.FullName ORDER BY users.UserName;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT supplierinvoices.INVNO, supplierinvoices.INVTOTAL From supplierinvoices where Date_c = 'x' Group by supplierinvoices.INVNO,supplierinvoices.INVTOTAL;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sum(daily.DISCAMT) as TotalDisc from daily where Company = 'j' and (CODSale = 0 or (CODSale = 1 and CODPAID = 1));
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Sum(sales.PLUTOTAL) AS TOTALACC from sales where Date_c Between 'P' and AccountSale = True and RefNum <> ',' and RetailLevel = 1;
Source: EasyVBO.exe.0.dr | Binary or memory string: Select stockdept.Department from stockdept group by stockdept.Department order by stockdept.Department;4] STOCK DEPARTMENTS REPORT8Stock Suppliers Report PrintVC:\eZ-Az!\Export\Stock Suppliers Report.csv
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT count(1) as RecCount, daily.InvNo from daily where (daily.CODSale = 0 or (daily.CODSale = 1 and daily.CODPAID = 1)) Group by daily.InvNo;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Quotations.InvNo, Sum(Quotations.VAT) AS TotalVAT from quotations where InvNo = 6 GROUP BY Quotations.InvNo;FSelect * from daily where InvNo = & order by LineOrder&Customer : **CASH**
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT Sum(daily.Profit) as Profit, Sum(daily.PLUTotal) AS Total from daily WHERE PLU <> '2' And AccountSale = True;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.AllocatedTo, Sum(sales.PLUTOTAL) AS Total, (Sum(sales.PLUTOTAL) / R) as TotalEx from sales where Company = 'T' and not isnull(AllocatedTo) and PLU <> ':' GROUP BY sales.AllocatedTo;>frmSalesHistory-cmdDetail_Click
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.LineOrder, sales.InvNo, Sum(sales.VAT) AS TotalVAT, Sum(sales.Discount) AS TotalDisc from sales where InvNo = t GROUP BY sales.LineOrder, sales.InvNo order by LineOrder;(Reprinted invoice :
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.plu, sum(sales.PLUTOTAL) as TotalPettyOut from sales where Company = ',') group by sales.plu;
Source: EasyVBO.exe.0.dr | Binary or memory string: Select supplierinvoices.date_c, Sum(supplierinvoices.QTY) as lTotal, Null as sTotal from supplierinvoices where PLU = 'F' Group by supplierinvoices.Date_c;<There are no records to print!>Item Totals Loaded/Sold History
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT stocksnap.PLU, stocksnap.Description, stocksnap.Department, stocksnap.Category, stocksnap.Supplier, stocksnap.SOH, stocksnap.QtySold, stocksnap.Loaded, stocksnap.TotalCostEx, stocksnap.TotalRetail from stocksnap where AtCashup = 1 and SnapDate Between 'p' Group By stocksnap.plu order by stocksnap.description;HfrmSalesHistory-PrintDailySalesSOHPP
Source: EasyVBO.exe.0.dr | Binary or memory string: Select supplierinvoices.PLU, Sum(supplierinvoices.QTY) as lTotal, Null as sTotal from supplierinvoices where PLU = '@' Group by supplierinvoices.PLU;
Source: EasyVBO.exe.0.dr | Binary or memory string: SELECT sales.Selected, sales.PLU, sales.Description, sales.AccountSale, sales.Refnum, sales.Name, sales.Contact, sales.IDNo, sales.VatNo, Sum(sales.QTY) AS Qty, Sum(sales.PLUTotal) As PLUTotal, Sum(sales.Profit) as Profit from sales where Company = 'd' Group by description order by sales.date_c desc;HfrmSalesHistory-PrintSalesDetailSlip
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | File read: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe "C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd" "
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd" "
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe | Section loaded: cmdext.dll
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeStatic file information: File size 2068446 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140002DF0 LoadLibraryA,GetProcAddress,GetNativeSystemInfo,0_2_0000000140002DF0
Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeStatic PE information: real checksum: 0x3a352 should be: 0x208771
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeFile created: C:\ez-az!\EasyVBO.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeDropped PE file which has not been started: C:\ez-az!\EasyVBO.exeJump to dropped file
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140004620 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,0_2_0000000140004620
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140003E88 FindFirstFileW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPEAX@Z,??3@YAXPEAX@Z,0_2_0000000140003E88
Source: EasyVBO.exe.0.drBinary or memory string: ar-AEJServer Datacenter (core installation)jServer Datacenter without Hyper-V (core installation)jServer Datacenter without Hyper-V (full installation)
Source: EasyVBO.exe.0.drBinary or memory string: ar-OMZWindows Small Business Server 2011 Essentials:Windows Small Business Server:Small Business Server PremiumbSmall Business Server Premium (core installation)2Windows MultiPoint ServerRServer Standard (evaluation installation)FServer Standard (core installation)>Server Standard without Hyper-VfServer Standard without Hyper-V (core installation)0Server Solutions PremiumXServer Solutions Premium (core installation)
Source: EasyVBO.exe.0.drBinary or memory string: ar-TNjServer Enterprise without Hyper-V (core installation)VServer Enterprise for Itanium-based SystemsjServer Enterprise without Hyper-V (full installation)XWindows Essential Server Solution Management0Windows Home Server 2011
Source: EasyVBO.exe.0.drBinary or memory string: ar-SYRWindows Storage Server 2008 R2 Essentials0Microsoft Hyper-V Server
Source: EasyVBO.exe.0.drBinary or memory string: Windows Server 2008 without Hyper-V for Windows Essential Server Solutions
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140002DF0 LoadLibraryA,GetProcAddress,GetNativeSystemInfo,0_2_0000000140002DF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140001120 RtlAddVectoredExceptionHandler,0_2_0000000140001120
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140023600 SetUnhandledExceptionFilter,0_2_0000000140023600
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140007290 ??3@YAXPEAX@Z,ShellExecuteExW,WaitForSingleObject,CloseHandle,??3@YAXPEAX@Z,??3@YAXPEAX@Z,0_2_0000000140007290
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd" "Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140002E64 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_0000000140002E64
Source: EasyVBO.exe.0.drBinary or memory string: Progman
Source: EasyVBO.exe.0.drBinary or memory string: Shell_traywnd
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140022B70 cpuid 0_2_0000000140022B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: GetLastError,wsprintfW,GetEnvironmentVariableW,GetLastError,??2@YAPEAX_K@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPEAX@Z,SetLastError,lstrlenA,??2@YAPEAX_K@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,0_2_0000000140002BB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140004C64 lstrlenW,GetSystemTimeAsFileTime,GetFileAttributesW,??3@YAXPEAX@Z,??3@YAXPEAX@Z,0_2_0000000140004C64
Source: C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exeCode function: 0_2_0000000140007FA4 ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z,GetVersionExW,GetCommandLineW,lstrlenW,wsprintfW,_wtol,GetModuleFileNameW,_wtol,??2@YAPEAX_K@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,wsprintfW,_wtol,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,GetCommandLineW,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,CoInitialize,lstrlenW,memcpy,_wtol,??3@YAXPEAX@Z,??3@YAXPEAX@Z,GetKeyState,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,GetFileAttributesW,??3@YAXPEAX@Z,??3@YAXPEAX@Z,_wtol,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,SetLastError,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,SetCurrentDirectoryW,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,??3@YAXPEAX@Z,MessageBoxA,0_2_0000000140007FA4
MITRE ATT&CK matrix (techniques listed per tactic; the number in parentheses is the report's signature match count for that technique):
Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
Execution: Native API (1), Scheduled Task/Job, At, Cron, Launchd
Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script
Privilege Escalation: Exploitation for Privilege Escalation (1), Process Injection (12), DLL Side-Loading (1), Login Hook, Network Logon Script
Defense Evasion: Process Injection (12), Deobfuscate/Decode Files or Information (1), DLL Side-Loading (1), Obfuscated Files or Information (2), Software Packing
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets
Discovery: System Time Discovery (1), Security Software Discovery (1), Process Discovery (1), File and Directory Discovery (2), System Information Discovery (24)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
Collection: Archive Collected Data (1), Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
Command and Control: Encrypted Channel (1), Junk Data, Steganography, Protocol Impersonation, Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact
Behavior Graph ID: 1427742 | Sample: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Start date: 18/04/2024 | Architecture: WINDOWS | Score: 6. Process chain: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe (drops C:\ez-az!\EasyVBO.exe, PE32) starts cmd.exe, which starts conhost.exe.

Source: SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe | Detection: 6% | Scanner: Virustotal
Source: C:\ez-az!\EasyVBO.exe | Detection: 0% | Scanner: Virustotal
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Reputation
https://www.winsms.co.za/api/credits.ASP?User= | EasyVBO.exe.0.dr | false | high
https://www.google.com/ | EasyVBO.exe.0.dr | false | high
http://www.easyas.co.zaBYour | EasyVBO.exe.0.dr | false | unknown
https://www.easyas.co.za/downloads/7zEasyVBO.exef | EasyVBO.exe.0.dr | false | high
          No contacted IP infos
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1427742
          Start date and time:2024-04-18 03:33:04 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 2m 29s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:3
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
          Detection:CLEAN
          Classification:clean6.winEXE@5/2@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 78
          • Number of non-executed functions: 68
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Stop behavior analysis, all processes terminated
          • Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          No simulations
          No context
          Process:C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):266
          Entropy (8bit):5.152383346840018
          Encrypted:false
          SSDEEP:6:mRoiowv2sw7uvXWhjAdbMD2Uwv2sw7uvXWhjAd10Wiowkn23fS3:mRoeQuvGqd9QuvGqd1Lef8
          MD5:277D1B8F03BF100459AD736A4706F463
          SHA1:955EBC1232CBDC1841B12424CCF673345C7F2CD2
          SHA-256:99477299FA042E5CAC31BDA70B55C3C977050D74D8FF7074A455C6F98A769181
          SHA-512:24790F507F21F4E5DD82FCE10C7473BEA79F94277F9E69A85ABD357E649D16C28249EF7E6155882C47B3A0F8687ECEE85E29DD9CB4A187C077A6CE6213B843F5
          Malicious:false
          Reputation:low
          Preview (batch script, CRLF line endings):
          :Repeat
          del "C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe"
          if exist "C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe" goto Repeat
          del "C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd"
          Process:C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):19781992
          Entropy (8bit):6.212819135706876
          Encrypted:false
          SSDEEP:393216:Aihl2xljXZofwLBIcpLQwK7oM2j004g4CNKQj95sXNb5SzBEPWLXfCHMd+fhUFCb:AS2xJp70SDblaXPUpccULgAph
          MD5:FCFB4A2D4401291F004769097E0824B9
          SHA1:BC993EE8C0D1CB8C4C7EA624466513629BCF0832
          SHA-256:365987CB64D860C9984A91808F295D85D4860323D0339EF284B6783D019E902A
          SHA-512:E63AFC2FE57BF787533B7D7E66C75DCC793FF8CE966ECB093A707A26F5508203D5DBD4CA9CF436B87241F966F61356B582BBDACA2AC7F565ECA4A31DD03E6C78
          Malicious:false
          Antivirus:
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:low
          File type:PE32+ executable (GUI) x86-64, for MS Windows
          Entropy (8bit):7.964571416300009
          TrID:
          • Win64 Executable GUI (202006/5) 91.78%
          • Win64 Executable (generic) (12005/4) 5.45%
          • Win16/32 Executable Delphi generic (2074/23) 0.94%
          • Generic Win/DOS Executable (2004/3) 0.91%
          • DOS Executable Generic (2002/1) 0.91%
          File name:SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
          File size:2'068'446 bytes
          MD5:87b6fcfdaa0ab94d9cf4b7f3cbbc8b8b
          SHA1:2e3dacf58466b4b7a2c6d52b008f6e1b4c98911a
          SHA256:c1874e86e54a70b1917c708826975e45fa5c813f0ec30f6afd4971100ac0e5b7
          SHA512:cad60287d7340fff636e13443544e1fcc9796ff165f7b56afe8bfeb1b240dfc002f9d6872bba6c6a993a81ff1362e74ea52c9b58067a5d1a59f347bf20ca7c4f
          SSDEEP:49152:Il4n2ygDR5l1R+2CvsKU4TP5GdY/5ONw2cK9vWvGYYhfBfah7Dgpqqd:JnsRfXovsKjTxkGONw54vWvxYNBfahIr
          TLSH:A6A5235B323551F8D5678078CA8A865BF3F278890731938F1270CB7B5F277A56C6A321
          Icon Hash:0536331b729a9a4a
          Entrypoint:0x140023590
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x140000000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
          DLL Characteristics:TERMINAL_SERVER_AWARE
          Time Stamp:0x50E0DEC6 [Mon Dec 31 00:39:34 2012 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:08fd62a9d05cc8111782017958ea975d
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28c7c | 0xc8 | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x33000 | 0x1500 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x31000 | 0x1eb4 | .pdata
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x24000 | 0x720 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x22cee | 0x22e00 | f158047ebe99d29de226689b79ac5102 | False | 0.5297239023297491 | zlib compressed data | 6.371845942933979 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata | 0x24000 | 0x634c | 0x6400 | 2b1b7806aa55db71cb683e76cc1b00a0 | False | 0.4071484375 | data | 5.241175621947523 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0x2b000 | 0x53e8 | 0xe00 | 28b200f1a51873f7a601ddce6d47825d | False | 0.36021205357142855 | data | 3.6291582394007675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .pdata | 0x31000 | 0x1eb4 | 0x2000 | 5886961f7384ad35e90549e1353999ec | False | 0.457275390625 | data | 5.166903373683131 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc | 0x33000 | 0x1500 | 0x1600 | ee950c13a402eb14ff9afe058728a934 | False | 0.34730113636363635 | data | 3.976781071635148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0x331c0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | Russian | Russia | 0.2579268292682927
          RT_ICON | 0x33828 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | Russian | Russia | 0.3803763440860215
          RT_ICON | 0x33b10 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 384 | Russian | Russia | 0.4344262295081967
          RT_ICON | 0x33cf8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Russian | Russia | 0.46621621621621623
          RT_GROUP_ICON | 0x33e20 | 0x3e | data | Russian | Russia | 0.8064516129032258
          RT_VERSION | 0x33e60 | 0x358 | data | English | United States | 0.477803738317757
          RT_MANIFEST | 0x341b8 | 0x346 | ASCII text, with CRLF line terminators | English | United States | 0.5059665871121718
          DLL | Imports
          COMCTL32.dll |
          SHELL32.dll | ShellExecuteW, SHBrowseForFolderW, SHGetSpecialFolderPathW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteExW, SHGetMalloc
          GDI32.dll | CreateCompatibleDC, CreateFontIndirectW, DeleteObject, DeleteDC, GetCurrentObject, StretchBlt, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, SetStretchBltMode, GetObjectW
          ADVAPI32.dll | FreeSid, AllocateAndInitializeSid, CheckTokenMembership
          USER32.dll | wvsprintfW, CreateWindowExA, GetSystemMenu, EnableMenuItem, IsWindow, EnableWindow, MessageBeep, LoadIconW, LoadImageW, SetWindowsHookExW, PtInRect, CallNextHookEx, DefWindowProcW, CallWindowProcW, DrawIconEx, DialogBoxIndirectParamW, GetWindow, ClientToScreen, GetDC, DrawTextW, ShowWindow, SystemParametersInfoW, GetSystemMetrics, SetFocus, UnhookWindowsHookEx, SetWindowLongPtrW, GetClientRect, GetDlgItem, GetKeyState, MessageBoxA, SetWindowTextW, wsprintfA, GetSysColor, GetWindowTextLengthW, GetWindowTextW, GetClassNameA, GetWindowLongW, GetMenu, SetWindowPos, GetWindowDC, ReleaseDC, CopyImage, GetParent, CharUpperW, ScreenToClient, CreateWindowExW, SetTimer, GetWindowRect, DispatchMessageW, KillTimer, DestroyWindow, SendMessageW, EndDialog, wsprintfW, GetWindowLongPtrW, GetMessageW
          ole32.dll | CreateStreamOnHGlobal, CoInitialize, CoCreateInstance
          OLEAUT32.dll | SysFreeString, VariantClear, OleLoadPicture, SysAllocString
          KERNEL32.dll | ReadFile, SetFileTime, SetEndOfFile, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, WaitForMultipleObjects, SetFilePointer, GetFileSize, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, FormatMessageW, lstrcpyW, LocalFree, IsBadReadPtr, GetSystemDirectoryW, GetCurrentThreadId, SuspendThread, TerminateThread, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, GetVersionExW, GetModuleFileNameW, GetCurrentProcess, SetProcessWorkingSetSize, SetCurrentDirectoryW, GetDriveTypeW, CreateFileW, GetCommandLineW, GetStartupInfoW, CreateProcessW, CreateJobObjectW, AssignProcessToJobObject, CreateIoCompletionPort, SetInformationJobObject, ResumeThread, GetQueuedCompletionStatus, GetExitCodeProcess, CloseHandle, SetEnvironmentVariableW, GetTempPathW, GetSystemTimeAsFileTime, lstrlenW, CompareFileTime, SetThreadLocale, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, lstrcmpW, ExpandEnvironmentStringsW, WideCharToMultiByte, VirtualAlloc, GlobalMemoryStatusEx, GetEnvironmentVariableW, lstrcmpiW, lstrlenA, GetLocaleInfoW, MultiByteToWideChar, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetSystemDefaultLCID, lstrcmpiA, GlobalAlloc, GlobalFree, MulDiv, FindResourceExA, SizeofResource, LoadResource, LockResource, LoadLibraryA, GetProcAddress, ExitProcess, lstrcatW, AddVectoredExceptionHandler, RemoveVectoredExceptionHandler, GetDiskFreeSpaceExW, SetFileAttributesW, SetLastError, Sleep, GetExitCodeThread, WaitForSingleObject, CreateThread, GetLastError, SystemTimeToFileTime, GetLocalTime, GetFileAttributesW, CreateDirectoryW, WriteFile, GetStdHandle, VirtualFree, GetModuleHandleW, GetCurrentProcessId
          msvcrt.dll | __CxxFrameHandler, _purecall, ??3@YAXPEAX@Z, ??2@YAPEAX_K@Z, memcmp, free, memcpy, _wtol, memmove, malloc, wcsncmp, strncmp, _wcsnicmp, memset, ?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z, _beginthreadex, _CxxThrowException, __C_specific_handler, _unlock, __dllonexit, _lock, _onexit, ??1type_info@@UEAA@XZ, __getmainargs, _XcptFilter, _exit, _ismbblead, _cexit, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, _commode, _fmode, __set_app_type, ?terminate@@YAXXZ
          Language of compilation system | Country where language is spoken
          Russian | Russia
          English | United States
          No network behavior found


          Target ID:0
          Start time:03:33:52
          Start date:18/04/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.HEUR.Trojan.Win32.DelShad.vho.25230.12529.exe"
          Imagebase:0x140000000
          File size:2'068'446 bytes
          MD5 hash:87B6FCFDAA0AB94D9CF4B7F3CBBC8B8B
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:1
          Start time:03:33:58
          Start date:18/04/2024
          Path:C:\Windows\System32\cmd.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\7ZSfx000.cmd" "
          Imagebase:0x7ff6c0050000
          File size:289'792 bytes
          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:2
          Start time:03:33:58
          Start date:18/04/2024
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7699e0000
          File size:862'208 bytes
          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true


            Execution Graph

            Execution Coverage:18.6%
            Dynamic/Decrypted Code Coverage:0%
            Signature Coverage:40.4%
            Total number of Nodes:1538
            Total number of Limit Nodes:31
11511 14000262d 11509->11511 11510->11511 11511->11382 11512->11395 11513->11400 11515 14000a8e3 GetDlgItem 11514->11515 11516 14000a904 GetDlgItem SendMessageW 11514->11516 11515->11516 11517 14000a8f2 ShowWindow 11515->11517 11516->11261 11516->11262 11517->11516 11519 14000ae90 11518->11519 11520 14000ae94 GetDlgItem 11519->11520 11521 14000af08 GetDlgItem SetWindowTextW 11519->11521 11522 1400025e0 4 API calls 11520->11522 11521->11271 11523 14000aeb2 11522->11523 11523->11521 11551 14000aa08 GetDlgItem SetWindowPos 11523->11551 11526 1400011b4 2 API calls 11525->11526 11527 14000c015 GetDlgItem SendMessageW wsprintfW 11526->11527 11529 14000c09f GetDlgItem SetWindowTextW 11527->11529 11531 14000c0c7 11527->11531 11530 140005d88 21 API calls 11529->11530 11530->11531 11532 14000c0df 11531->11532 11533 14000c100 11531->11533 11534 14000c139 ??3@YAXPEAX 11531->11534 11535 1400014a0 2 API calls 11532->11535 11537 1400014a0 2 API calls 11533->11537 11534->11285 11538 14000c0eb 11535->11538 11539 14000c10a 11537->11539 11540 1400018e8 2 API calls 11538->11540 11541 1400018e8 2 API calls 11539->11541 11542 14000c0f9 11540->11542 11541->11542 11543 1400031a8 2 API calls 11542->11543 11544 14000c129 11543->11544 11545 14000bd78 22 API calls 11544->11545 11545->11534 11547 14000b335 GetObjectW 11546->11547 11548 14000b38a 11546->11548 11547->11548 11549 14000b34d CreateFontIndirectW 11547->11549 11548->11264 11549->11548 11550 14000b368 GetDlgItem SendMessageW 11549->11550 11550->11548 11551->11521 10385 14001aa28 10387 14001aa52 10385->10387 10386 14001aa8c 10387->10386 10390 14001a444 10387->10390 10420 14001a228 10390->10420 10394 14001a46c 10395 140018794 _RunAllParam ??3@YAXPEAX 10394->10395 10396 14001a478 10395->10396 10397 140018794 _RunAllParam ??3@YAXPEAX 10396->10397 10398 14001a49e 10397->10398 10399 140018794 _RunAllParam ??3@YAXPEAX 10398->10399 10400 14001a4c4 10399->10400 10401 14001a228 4 API calls 10400->10401 10402 14001a4d6 10401->10402 10431 
14000a3d8 10402->10431 10405 14000a3d8 2 API calls 10406 14001a4e8 10405->10406 10407 14000a3d8 2 API calls 10406->10407 10408 14001a4f1 10407->10408 10409 140018794 _RunAllParam ??3@YAXPEAX 10408->10409 10410 14001a4fd 10409->10410 10411 140018794 _RunAllParam ??3@YAXPEAX 10410->10411 10412 14001a509 10411->10412 10413 140018794 _RunAllParam ??3@YAXPEAX 10412->10413 10414 14001a512 10413->10414 10415 140018794 _RunAllParam ??3@YAXPEAX 10414->10415 10416 14001a51b 10415->10416 10417 14001a539 ??3@YAXPEAX 10416->10417 10435 1400195f8 10416->10435 10440 140015950 10416->10440 10417->10387 10421 14001a244 10420->10421 10422 14001a23f 10420->10422 10424 14001a25b 10421->10424 10444 14000a414 WaitForSingleObject 10421->10444 10445 14000a490 SetEvent 10422->10445 10428 140018794 10424->10428 10426 14001a252 10427 14000a3d8 FindCloseChangeNotification GetLastError 10426->10427 10427->10424 10429 140018760 ??3@YAXPEAX 10428->10429 10429->10394 10432 14000a407 10431->10432 10433 14000a3e9 FindCloseChangeNotification 10431->10433 10432->10405 10433->10432 10434 14000a3f3 GetLastError 10433->10434 10434->10432 10436 14001960a 10435->10436 10437 140019619 10435->10437 10446 140018c50 10436->10446 10437->10417 10441 140015968 10440->10441 10442 14001595d 10440->10442 10441->10417 10452 140015ec0 10442->10452 10449 1400024fc 10446->10449 10450 140002513 ??3@YAXPEAX 10449->10450 10451 140002505 VirtualFree 10449->10451 10450->10437 10451->10450 10459 140014be0 10452->10459 10457 140015f25 10457->10441 10458 140015f1d ??3@YAXPEAX 10458->10457 10462 140002518 free 10459->10462 10460 140014bfa 10463 140002518 free 10460->10463 10461 140014c0f 10464 140002518 10461->10464 10462->10460 10463->10461 10465 140002521 free 10464->10465 10466 140002527 10464->10466 10465->10466 10466->10457 10466->10458 12894 140021b3c 12895 140021b58 12894->12895 12896 140021b7a 12894->12896 12895->12896 12898 140019cd4 12895->12898 12903 14000a4a8 ResetEvent 12898->12903 10928 14001a160 10929 14001a16f 
10928->10929 10931 14001a18f 10929->10931 10934 1400217e4 10929->10934 10943 14000a414 WaitForSingleObject 10929->10943 10944 14000a490 SetEvent 10929->10944 10936 140021813 10934->10936 10935 1400218ed 10940 14002192f 10935->10940 10945 140018f10 10935->10945 10953 140015c90 10935->10953 10938 140021888 10936->10938 10960 1400186b8 10936->10960 10938->10935 10939 1400186b8 6 API calls 10938->10939 10939->10938 10940->10929 10947 140018f4b 10945->10947 10946 140019063 10946->10940 10947->10946 10949 14001905f 10947->10949 10964 14001a038 10947->10964 10968 140018c00 10947->10968 10972 140019b8c 10947->10972 10949->10946 10951 140018c00 116 API calls 10949->10951 10951->10946 10954 140015ca9 10953->10954 10956 140015cb6 10953->10956 10954->10940 10957 14001a0e8 116 API calls 10956->10957 10958 140015e5d 10956->10958 11177 1400197d4 10956->11177 11181 140015620 10956->11181 10957->10956 10958->10940 10961 1400186e9 10960->10961 10962 1400186c4 10960->10962 10961->10936 11208 140018588 10962->11208 10965 14001a09b 10964->10965 10966 14001a05f 10964->10966 10965->10947 10966->10965 10976 140018a14 10966->10976 10969 140018c16 10968->10969 10980 14001a0e8 10969->10980 10973 140019bac 10972->10973 10974 140019c22 10973->10974 11173 140001154 10973->11173 10974->10947 10977 140018a2f 10976->10977 10978 140018a4d 10977->10978 10979 140018a40 GetLastError 10977->10979 10978->10966 10979->10978 10981 140018c3a 10980->10981 10982 14001a10a 10980->10982 10981->10947 10982->10981 10984 14001ccec 10982->10984 10988 14001cd11 10984->10988 10985 14001cdb4 10985->10982 10986 14001cc94 114 API calls 10986->10988 10988->10985 10988->10986 10990 140022878 10988->10990 10994 14001cb04 10988->10994 10991 1400228a4 10990->10991 10992 1400228ae 10990->10992 10998 140018b28 10991->10998 10992->10988 10995 14001cb37 10994->10995 11004 140001eac 10995->11004 11003 140018278 WriteFile 10998->11003 11000 140018b46 11001 140018b5b GetLastError 11000->11001 11002 140018b68 11000->11002 
11001->11002 11002->10992 11003->11000 11005 140001ee4 11004->11005 11006 140001eee 11004->11006 11005->10988 11007 14000231a 11006->11007 11009 1400011b4 2 API calls 11006->11009 11008 140018358 VariantClear 11007->11008 11008->11005 11010 140001f4d 11009->11010 11022 1400022e2 ??3@YAXPEAX 11010->11022 11056 1400014a0 11010->11056 11016 140001fcf ??3@YAXPEAX 11024 140001fe2 11016->11024 11046 1400022a0 ??3@YAXPEAX 11016->11046 11017 1400011b4 2 API calls 11019 140001fad 11017->11019 11019->11016 11020 140018358 VariantClear 11020->11005 11021 140018358 VariantClear 11021->11022 11022->11007 11023 140002028 11023->11021 11024->11023 11025 1400020a1 11024->11025 11026 1400020bb GetLocalTime SystemTimeToFileTime 11024->11026 11025->11023 11027 1400020e2 11025->11027 11028 1400020fa 11025->11028 11026->11025 11077 140004c64 lstrlenW 11027->11077 11065 140004620 GetFileAttributesW 11028->11065 11033 1400022a2 11036 140018358 VariantClear 11033->11036 11034 14000210b 11034->11033 11037 140002114 ??2@YAPEAX_K 11034->11037 11035 1400022bf GetLastError 11035->11023 11038 1400022b0 ??3@YAXPEAX 11036->11038 11039 140002126 11037->11039 11038->11007 11074 140018224 11039->11074 11042 140002271 11099 140018358 11042->11099 11043 140002171 GetLastError 11044 1400011b4 2 API calls 11043->11044 11047 140002195 11044->11047 11046->11020 11048 140004c64 99 API calls 11047->11048 11051 1400021cc ??3@YAXPEAX 11047->11051 11049 140002219 11048->11049 11049->11051 11052 140018224 2 API calls 11049->11052 11051->11023 11053 140002246 11052->11053 11054 140002267 ??3@YAXPEAX 11053->11054 11055 14000224b GetLastError 11053->11055 11054->11042 11055->11051 11057 1400014c7 11056->11057 11058 1400011b4 2 API calls 11057->11058 11059 1400014de 11058->11059 11060 140001974 11059->11060 11061 1400011b4 2 API calls 11060->11061 11062 1400019a0 11061->11062 11063 14000150c 2 API calls 11062->11063 11064 1400019cb 11063->11064 11064->11016 11064->11017 11066 140004642 11065->11066 11071 140002102 
11065->11071 11067 140004656 11066->11067 11068 14000464b SetLastError 11066->11068 11069 140004660 11067->11069 11067->11071 11072 14000466f FindFirstFileW 11067->11072 11068->11071 11103 1400045ec 11069->11103 11071->11034 11071->11035 11072->11069 11073 140004683 FindClose CompareFileTime 11072->11073 11073->11069 11073->11071 11116 140018130 11074->11116 11124 14000313c 11077->11124 11080 1400011b4 2 API calls 11083 140004ca6 11080->11083 11082 140004d06 GetSystemTimeAsFileTime GetFileAttributesW 11084 140004d2b 11082->11084 11085 140004d1e 11082->11085 11083->11082 11087 140004d4b 11083->11087 11128 140002348 CreateDirectoryW 11083->11128 11086 140002348 4 API calls 11084->11086 11092 140004ddf 11084->11092 11088 140004620 22 API calls 11085->11088 11096 140004d3b 11086->11096 11089 140004d70 11087->11089 11095 140004df2 ??3@YAXPEAX 11087->11095 11088->11084 11134 14000d328 11089->11134 11090 140004de1 11093 14000d328 70 API calls 11090->11093 11092->11095 11093->11092 11097 1400020e7 11095->11097 11096->11090 11096->11092 11098 140002348 4 API calls 11096->11098 11097->11023 11097->11033 11098->11096 11102 14001830c 11099->11102 11100 14001834d VariantClear 11101 140018340 11100->11101 11101->11046 11102->11100 11102->11101 11108 140003fcc 11103->11108 11106 1400045f9 GetLastError 11107 140004604 11106->11107 11107->11071 11109 140003fe5 GetFileAttributesW 11108->11109 11110 140003fde 11108->11110 11109->11110 11111 140003ff0 11109->11111 11110->11106 11110->11107 11112 140004012 11111->11112 11113 140003ff7 SetFileAttributesW 11111->11113 11115 140003e88 13 API calls 11112->11115 11113->11110 11114 140004003 DeleteFileW 11113->11114 11114->11110 11115->11110 11121 14001805c 11116->11121 11119 140018164 CreateFileW 11120 140002168 11119->11120 11120->11042 11120->11043 11122 140018078 11121->11122 11123 14001806b FindCloseChangeNotification 11121->11123 11122->11119 11122->11120 11123->11122 11125 140003164 11124->11125 11126 1400011b4 2 API calls 
11125->11126 11127 14000317b 11126->11127 11127->11080 11127->11083 11129 14000235d GetLastError 11128->11129 11130 14000238f 11128->11130 11131 140002376 GetFileAttributesW 11129->11131 11133 14000236a 11129->11133 11130->11083 11131->11130 11131->11133 11132 14000236c SetLastError 11132->11130 11133->11130 11133->11132 11145 140002bb4 11134->11145 11137 14000d456 11141 14000d1cc 41 API calls 11137->11141 11138 14000d36b GetLastError FormatMessageW 11139 14000d3d7 lstrlenW lstrlenW ??2@YAPEAX_K lstrcpyW lstrcpyW 11138->11139 11140 14000d3aa FormatMessageW 11138->11140 11164 14000d1cc 11139->11164 11140->11137 11140->11139 11143 140004d7f ??3@YAXPEAX 11141->11143 11143->11097 11146 140002be5 11145->11146 11147 140002c1b GetLastError wsprintfW GetEnvironmentVariableW GetLastError 11146->11147 11148 140002c0f wvsprintfW 11146->11148 11149 140002cc1 SetLastError 11147->11149 11150 140002c58 ??2@YAPEAX_K GetEnvironmentVariableW 11147->11150 11148->11137 11148->11138 11149->11148 11152 140002cd7 11149->11152 11151 140002c87 GetLastError 11150->11151 11158 140002cb2 11150->11158 11154 140002c91 11151->11154 11151->11158 11153 140002cf5 lstrlenA ??2@YAPEAX_K 11152->11153 11155 140002b44 GetUserDefaultUILanguage GetSystemDefaultUILanguage GetSystemDefaultLCID 11152->11155 11156 140002d73 MultiByteToWideChar 11153->11156 11157 140002d2a GetLocaleInfoW 11153->11157 11154->11158 11159 140002c9b lstrcmpiW 11154->11159 11160 140002ce8 11155->11160 11156->11148 11161 140002d55 _wtol 11157->11161 11162 140002d6d 11157->11162 11158->11149 11159->11158 11163 140002ca8 ??3@YAXPEAX 11159->11163 11160->11153 11161->11156 11162->11156 11163->11158 11165 14000d1e5 11164->11165 11166 14000d276 ??3@YAXPEAX LocalFree 11164->11166 11167 14000b810 ??2@YAPEAX_K ??3@YAXPEAX GetSystemMetrics GetSystemMetrics 11165->11167 11166->11143 11168 14000d1f6 IsWindow 11167->11168 11169 14000d213 IsBadReadPtr 11168->11169 11171 14000d229 11168->11171 11169->11171 11170 14000b8a4 36 API calls 11172 
14000d25d ??3@YAXPEAX 11170->11172 11171->11170 11172->11166 11174 140001168 11173->11174 11175 140001161 11173->11175 11174->11175 11176 14000116d SendMessageW 11174->11176 11175->10974 11176->11175 11178 140019805 11177->11178 11179 140019817 11177->11179 11186 1400198c0 11178->11186 11179->10956 11182 1400158f8 11181->11182 11183 14001566a 11181->11183 11182->10956 11183->11182 11185 14001577e memcpy 11183->11185 11204 140014850 11183->11204 11185->11183 11189 14001983c EnterCriticalSection 11186->11189 11188 1400198f2 11188->11179 11195 140018a74 11189->11195 11191 140019899 LeaveCriticalSection 11191->11188 11192 140019897 11192->11191 11194 140018a14 GetLastError 11194->11192 11196 140018a8e 11195->11196 11199 140018a87 11195->11199 11201 1400180d4 SetFilePointer 11196->11201 11199->11191 11199->11194 11200 140018aaf GetLastError 11200->11199 11202 140018106 11201->11202 11203 1400180fc GetLastError 11201->11203 11202->11199 11202->11200 11203->11202 11206 140014890 11204->11206 11205 140014b39 11205->11183 11206->11205 11207 140014b69 memcpy 11206->11207 11207->11205 11209 140018654 11208->11209 11210 1400185a6 11208->11210 11209->10961 11211 1400185c6 11210->11211 11212 1400185ae _CxxThrowException 11210->11212 11213 1400185f6 11211->11213 11214 1400185dc _CxxThrowException 11211->11214 11212->11211 11215 140018644 ??3@YAXPEAX 11213->11215 11216 1400185fd ??2@YAPEAX_K 11213->11216 11214->11213 11215->11209 11217 140018627 memcpy 11216->11217 11218 14001860d _CxxThrowException 11216->11218 11217->11215 11218->11217 10378 140007a74 10379 140007a9e 10378->10379 10380 140007abe ??3@YAXPEAX ??3@YAXPEAX ??3@YAXPEAX 10379->10380 10382 140007ae2 10379->10382 10380->10379 10381 14001874f 10382->10381 10384 140018664 memcpy 10382->10384 11552 140001380 11553 140001398 11552->11553 11554 1400013ae 11552->11554 11553->11554 11555 14000139a SleepEx 11553->11555 11561 14001be60 11554->11561 11609 14001c860 11554->11609 11555->11553 11556 1400013d0 11557 1400013ea 
11556->11557 11558 1400013db EndDialog 11556->11558 11558->11557 11562 14001beb4 11561->11562 11563 14001beee 11562->11563 11564 14001c138 11562->11564 11570 14001bdfc 7 API calls 11562->11570 11572 140018794 ??3@YAXPEAX _RunAllParam 11562->11572 11573 1400186b8 6 API calls 11562->11573 11803 14001bba4 11562->11803 11809 14001bd1c 11562->11809 11563->11556 11644 140001240 11564->11644 11566 14001c174 11569 14001c183 ??2@YAPEAX_K 11566->11569 11567 14001c14a 11571 140018794 _RunAllParam ??3@YAXPEAX 11567->11571 11591 14001c1a5 11569->11591 11570->11562 11571->11563 11572->11562 11573->11562 11575 14001c210 11578 14001bc14 2 API calls 11575->11578 11576 14001c2a9 ??2@YAPEAX_K 11576->11591 11577 14001c260 11653 14001bc14 11577->11653 11581 14001c22b 11578->11581 11583 140018794 _RunAllParam ??3@YAXPEAX 11581->11583 11583->11563 11585 14001c371 11586 14001bc14 2 API calls 11585->11586 11587 14001c39a 11586->11587 11589 140018794 _RunAllParam ??3@YAXPEAX 11587->11589 11589->11563 11590 14001ce08 114 API calls 11590->11591 11591->11563 11591->11575 11591->11576 11591->11577 11591->11585 11591->11590 11592 14001c68c 11591->11592 11594 14001c537 11591->11594 11595 14001c5ef 11591->11595 11600 14001c718 11591->11600 11667 14001ab78 11591->11667 11813 14001c9e0 ??2@YAPEAX_K 11591->11813 11593 14001bc14 2 API calls 11592->11593 11596 14001c6c5 11593->11596 11597 14001bc14 2 API calls 11594->11597 11598 14001bc14 2 API calls 11595->11598 11603 140018794 _RunAllParam ??3@YAXPEAX 11596->11603 11599 14001c570 11597->11599 11601 14001c628 11598->11601 11605 140018794 _RunAllParam ??3@YAXPEAX 11599->11605 11602 14001bc14 2 API calls 11600->11602 11606 140018794 _RunAllParam ??3@YAXPEAX 11601->11606 11604 14001c751 11602->11604 11603->11563 11607 140018794 _RunAllParam ??3@YAXPEAX 11604->11607 11605->11563 11606->11563 11607->11563 11624 14001c1f8 11609->11624 11610 14001c210 11613 14001bc14 2 API calls 11610->11613 11611 14001c2a9 ??2@YAPEAX_K 11611->11624 11612 14001c260 11615 
14001bc14 2 API calls 11612->11615 11616 14001c22b 11613->11616 11614 14001c9e0 ??2@YAPEAX_K 11614->11624 11617 14001c27b 11615->11617 11618 140018794 _RunAllParam ??3@YAXPEAX 11616->11618 11619 140018794 _RunAllParam ??3@YAXPEAX 11617->11619 11643 14001c244 11618->11643 11619->11643 11620 14001c371 11621 14001bc14 2 API calls 11620->11621 11622 14001c39a 11621->11622 11625 140018794 _RunAllParam ??3@YAXPEAX 11622->11625 11623 14001ab78 184 API calls 11623->11624 11624->11610 11624->11611 11624->11612 11624->11614 11624->11620 11624->11623 11626 14001ce08 114 API calls 11624->11626 11627 14001c68c 11624->11627 11629 14001c537 11624->11629 11630 14001c5ef 11624->11630 11635 14001c718 11624->11635 11624->11643 11625->11643 11626->11624 11628 14001bc14 2 API calls 11627->11628 11631 14001c6c5 11628->11631 11632 14001bc14 2 API calls 11629->11632 11633 14001bc14 2 API calls 11630->11633 11638 140018794 _RunAllParam ??3@YAXPEAX 11631->11638 11634 14001c570 11632->11634 11636 14001c628 11633->11636 11640 140018794 _RunAllParam ??3@YAXPEAX 11634->11640 11637 14001bc14 2 API calls 11635->11637 11641 140018794 _RunAllParam ??3@YAXPEAX 11636->11641 11639 14001c751 11637->11639 11638->11643 11642 140018794 _RunAllParam ??3@YAXPEAX 11639->11642 11640->11643 11641->11643 11642->11643 11643->11556 11645 140001252 GetDiskFreeSpaceExW 11644->11645 11646 1400012aa SendMessageW 11644->11646 11645->11646 11648 14000126e 11645->11648 11647 140001292 11646->11647 11647->11566 11647->11567 11648->11646 11649 140002bb4 18 API calls 11648->11649 11650 140001284 11649->11650 11815 14000d280 11650->11815 11652 14000128c 11652->11646 11652->11647 11654 14001bc37 11653->11654 11655 140018794 _RunAllParam ??3@YAXPEAX 11654->11655 11656 14001bc43 11655->11656 11657 14001bc55 11656->11657 11858 14001aab4 11656->11858 11658 140018794 _RunAllParam ??3@YAXPEAX 11657->11658 11659 14001bc61 11658->11659 11660 140018794 _RunAllParam ??3@YAXPEAX 11659->11660 11661 14001bc6a 11660->11661 11662 140018794 
_RunAllParam ??3@YAXPEAX 11661->11662 11663 14001bc73 11662->11663 11664 140018794 _RunAllParam ??3@YAXPEAX 11663->11664 11665 14001bc7c 11664->11665 11875 14001e5e0 11667->11875 11670 14001abbe 11670->11591 11672 14001ac73 ??2@YAPEAX_K 11678 14001ac37 11672->11678 11674 14001aca6 ??2@YAPEAX_K 11674->11678 11675 14001b87b 11676 14001b8b2 _CxxThrowException 11675->11676 11680 14001b8cc 11675->11680 11676->11680 11677 14001af8e ??2@YAPEAX_K 11681 14001af9d 11677->11681 11678->11672 11678->11674 11705 14001ad5a 11678->11705 11922 14002168c ??2@YAPEAX_K 11678->11922 11679 14001ae5a 11679->11677 11679->11681 11769 14001b14d 11679->11769 11685 140018794 _RunAllParam ??3@YAXPEAX 11680->11685 11770 14001b977 11680->11770 11686 14001b11c 11681->11686 11693 14001b48f 11681->11693 11698 14001b51b 11681->11698 11702 14001b674 11681->11702 11741 14002168c 7 API calls 11681->11741 11902 140018938 11681->11902 11926 1400226e0 11681->11926 11929 140022734 11681->11929 11683 140018588 6 API calls 11689 14001b9c3 11683->11689 11684 140018794 _RunAllParam ??3@YAXPEAX 11690 14001b68c 11684->11690 11687 14001b8f7 11685->11687 11932 14001a9ac 11686->11932 11692 140018794 _RunAllParam ??3@YAXPEAX 11687->11692 11694 14001ba1e 11689->11694 11706 1400186b8 6 API calls 11689->11706 11695 140018794 _RunAllParam ??3@YAXPEAX 11690->11695 11697 14001b904 11692->11697 11699 140018794 _RunAllParam ??3@YAXPEAX 11693->11699 11912 140021fa0 11694->11912 11701 14001b699 11695->11701 11696 14001b12d 11942 140021764 11696->11942 11703 140018794 _RunAllParam ??3@YAXPEAX 11697->11703 11717 140018794 _RunAllParam ??3@YAXPEAX 11698->11717 11704 14001b4bc 11699->11704 11700 14001b790 11719 140018794 _RunAllParam ??3@YAXPEAX 11700->11719 11707 140018794 _RunAllParam ??3@YAXPEAX 11701->11707 11702->11684 11710 14001b911 11703->11710 11711 140018794 _RunAllParam ??3@YAXPEAX 11704->11711 11894 14001a544 11705->11894 11706->11689 11713 14001b6a6 11707->11713 11708 14001ba6f 11714 140018794 _RunAllParam 
??3@YAXPEAX 11708->11714 11715 140018794 _RunAllParam ??3@YAXPEAX 11710->11715 11716 14001b4c9 11711->11716 11712 140018588 6 API calls 11712->11769 11720 140018794 _RunAllParam ??3@YAXPEAX 11713->11720 11721 14001ba7e 11714->11721 11722 14001b91e 11715->11722 11723 140018794 _RunAllParam ??3@YAXPEAX 11716->11723 11724 14001b548 11717->11724 11718 14001b77b SysFreeString 11718->11702 11726 14001b7a3 11719->11726 11727 14001b6b3 11720->11727 11728 140018794 _RunAllParam ??3@YAXPEAX 11721->11728 11730 140018794 _RunAllParam ??3@YAXPEAX 11722->11730 11731 14001b4d6 11723->11731 11732 140018794 _RunAllParam ??3@YAXPEAX 11724->11732 11725 14000313c 2 API calls 11725->11769 11733 140018794 _RunAllParam ??3@YAXPEAX 11726->11733 11734 140018794 _RunAllParam ??3@YAXPEAX 11727->11734 11729 14001ba8b 11728->11729 11736 140018794 _RunAllParam ??3@YAXPEAX 11729->11736 11737 14001b92b DeleteCriticalSection 11730->11737 11738 140018794 _RunAllParam ??3@YAXPEAX 11731->11738 11742 14001b555 11732->11742 11744 14001b7b0 11733->11744 11735 14001b6c0 DeleteCriticalSection 11734->11735 11745 14001b50b 11735->11745 11746 14001ba98 11736->11746 11737->11745 11748 14001b4e3 11738->11748 11739 1400186b8 6 API calls 11739->11769 11741->11681 11749 140018794 _RunAllParam ??3@YAXPEAX 11742->11749 11750 140018794 _RunAllParam ??3@YAXPEAX 11744->11750 11762 140018794 _RunAllParam ??3@YAXPEAX 11745->11762 11751 140018794 _RunAllParam ??3@YAXPEAX 11746->11751 11752 140018794 _RunAllParam ??3@YAXPEAX 11748->11752 11754 14001b562 11749->11754 11755 14001b7bd 11750->11755 11756 14001baa5 11751->11756 11757 14001b4f0 DeleteCriticalSection 11752->11757 11753 140018794 ??3@YAXPEAX _RunAllParam 11753->11769 11758 140018794 _RunAllParam ??3@YAXPEAX 11754->11758 11759 140018794 _RunAllParam ??3@YAXPEAX 11755->11759 11761 140018794 _RunAllParam ??3@YAXPEAX 11756->11761 11757->11745 11763 14001b56f 11758->11763 11760 14001b7ca 11759->11760 11764 140018794 _RunAllParam ??3@YAXPEAX 11760->11764 11767 
14001bab2 11761->11767 11762->11770 11771 140018794 _RunAllParam ??3@YAXPEAX 11763->11771 11773 14001b7d7 DeleteCriticalSection 11764->11773 11765 14001b301 ??3@YAXPEAX ??3@YAXPEAX SysFreeString 11765->11769 11766 14001b6ea ??3@YAXPEAX ??3@YAXPEAX SysFreeString 11774 14001b70c 11766->11774 11775 140018794 _RunAllParam ??3@YAXPEAX 11767->11775 11768 14001b802 11776 140018794 _RunAllParam ??3@YAXPEAX 11768->11776 11769->11675 11769->11693 11769->11700 11769->11702 11769->11712 11769->11718 11769->11725 11769->11739 11769->11753 11769->11765 11769->11766 11769->11768 11905 140015ab0 11769->11905 11947 14000f930 11769->11947 11770->11683 11772 14001b57c DeleteCriticalSection 11771->11772 11772->11745 11773->11745 11777 140018794 _RunAllParam ??3@YAXPEAX 11774->11777 11778 14001babf DeleteCriticalSection 11775->11778 11779 14001b80f 11776->11779 11780 14001b71f 11777->11780 11781 140018794 _RunAllParam ??3@YAXPEAX 11779->11781 11782 140018794 _RunAllParam ??3@YAXPEAX 11780->11782 11783 14001b81c 11781->11783 11784 14001b72c 11782->11784 11785 140018794 _RunAllParam ??3@YAXPEAX 11783->11785 11786 140018794 _RunAllParam ??3@YAXPEAX 11784->11786 11787 14001b829 11785->11787 11788 14001b739 11786->11788 11789 140018794 _RunAllParam ??3@YAXPEAX 11787->11789 11790 140018794 _RunAllParam ??3@YAXPEAX 11788->11790 11791 14001b836 11789->11791 11792 14001b746 11790->11792 11793 140018794 _RunAllParam ??3@YAXPEAX 11791->11793 11794 140018794 _RunAllParam ??3@YAXPEAX 11792->11794 11795 14001b843 11793->11795 11796 14001b753 DeleteCriticalSection 11794->11796 11797 140018794 _RunAllParam ??3@YAXPEAX 11795->11797 11796->11745 11798 14001b850 11797->11798 11799 140018794 _RunAllParam ??3@YAXPEAX 11798->11799 11800 14001b85d DeleteCriticalSection 11799->11800 11800->11745 11804 14001bbdf 11803->11804 11808 14001bbf4 11803->11808 11805 140018588 6 API calls 11804->11805 11806 14001bbeb 11805->11806 11807 1400186b8 6 API calls 11806->11807 11807->11808 11808->11562 11811 14001bd31 
11809->11811 11812 14001bd2a 11809->11812 11810 14001bd62 _CxxThrowException 11810->11812 11811->11810 11811->11812 11812->11562 11814 14001ca2d 11813->11814 11814->11591 11822 14000b810 11815->11822 11818 14000d2b3 IsBadReadPtr 11819 14000d2c9 11818->11819 11827 14000b8a4 11819->11827 11823 1400011b4 2 API calls 11822->11823 11824 14000b83d 11823->11824 11825 14000b899 IsWindow 11824->11825 11826 14000b86d GetSystemMetrics GetSystemMetrics 11824->11826 11825->11818 11825->11819 11826->11825 11828 14000b932 ??3@YAXPEAX 11827->11828 11829 14000b8c0 11827->11829 11828->11652 11829->11828 11830 14000313c 2 API calls 11829->11830 11831 14000b8d2 11830->11831 11832 14000313c 2 API calls 11831->11832 11833 14000b8df 11832->11833 11834 140005fa8 15 API calls 11833->11834 11835 14000b8e9 11834->11835 11836 140005fa8 15 API calls 11835->11836 11837 14000b8f3 11836->11837 11840 14000af8c memcpy SystemParametersInfoW 11837->11840 11838 14000b916 ??3@YAXPEAX ??3@YAXPEAX 11838->11828 11841 14000afe5 GetDC GetDeviceCaps MulDiv ReleaseDC 11840->11841 11842 14000b03f GetModuleHandleW 11840->11842 11841->11842 11843 14000b060 DialogBoxIndirectParamW 11842->11843 11844 14000b050 11842->11844 11843->11838 11847 140002640 GetModuleHandleW FindResourceExA 11844->11847 11848 1400026a8 11847->11848 11849 14000268c FindResourceExA 11847->11849 11851 1400026ad SizeofResource 11848->11851 11852 1400026bf LoadResource 11848->11852 11849->11848 11850 1400026de 11849->11850 11854 140002778 11850->11854 11855 1400026eb LoadLibraryA GetProcAddress wsprintfW 11850->11855 11851->11852 11852->11850 11853 1400026d0 LockResource 11852->11853 11853->11854 11854->11843 11856 140002745 LoadLibraryA GetProcAddress 11855->11856 11857 14000276a 11855->11857 11856->11854 11856->11857 11857->11854 11859 14001aac6 11858->11859 11860 14001aad5 11858->11860 11863 14001a818 11859->11863 11860->11657 11864 14001a83b 11863->11864 11865 140018794 _RunAllParam ??3@YAXPEAX 11864->11865 11866 14001a847 11865->11866 
11867 140018794 _RunAllParam ??3@YAXPEAX 11866->11867 11868 14001a86d 11867->11868 11869 140018794 _RunAllParam ??3@YAXPEAX 11868->11869 11870 14001a876 11869->11870 11871 140018794 _RunAllParam ??3@YAXPEAX 11870->11871 11872 14001a87f 11871->11872 11873 140018794 _RunAllParam ??3@YAXPEAX 11872->11873 11874 14001a888 11873->11874 11876 14001e60d 11875->11876 11892 14001abb7 11875->11892 11876->11892 11954 14001e1e8 11876->11954 11878 14001e894 11881 140018794 _RunAllParam ??3@YAXPEAX 11878->11881 11880 14001e1e8 6 API calls 11884 14001e6dc 11880->11884 11881->11892 11882 14001e71e 11883 140018794 _RunAllParam ??3@YAXPEAX 11882->11883 11885 14001e728 memset 11883->11885 11884->11878 11884->11882 11886 14001e7f9 11885->11886 11890 14001e784 11885->11890 11887 140018794 _RunAllParam ??3@YAXPEAX 11886->11887 11888 14001e83b 11887->11888 11891 140018794 _RunAllParam ??3@YAXPEAX 11888->11891 11889 1400186b8 6 API calls 11889->11890 11890->11886 11890->11889 11891->11892 11892->11670 11893 14000a4fc InitializeCriticalSection 11892->11893 11893->11678 11895 14001a566 11894->11895 11897 1400186b8 6 API calls 11895->11897 11901 14001a5dd 11895->11901 11896 14001a6be 11898 14001a6f5 11896->11898 11900 1400186b8 6 API calls 11896->11900 11897->11895 11898->11679 11899 1400186b8 6 API calls 11899->11901 11900->11896 11901->11896 11901->11899 11960 1400187c4 11902->11960 11906 140015abf 11905->11906 11907 140015aca 11905->11907 11906->11769 11909 140015b27 11907->11909 11984 140014c30 11907->11984 11911 140015b34 11909->11911 11991 140003114 11909->11991 11911->11769 11913 140021fbc 11912->11913 11921 140022097 11912->11921 11913->11921 11996 140021b8c 11913->11996 11915 140021fd6 11918 140022011 11915->11918 11915->11921 12008 14001a198 11915->12008 11916 1400217e4 131 API calls 11919 140022060 11916->11919 11918->11916 11919->11921 12020 14000a414 WaitForSingleObject 11919->12020 11921->11708 11923 1400216b3 11922->11923 11924 1400186b8 6 API calls 11923->11924 11925 1400216d0 
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@Messagelstrlen$ModuleTimerWindowwsprintf$?_set_new_handler@@CommandCreateCurrentDestroyDirectoryDispatchFileFolderHandleKillLineNamePathSpecialVersion_wtol
            • String ID: $" -$123456789ABCDEFGHJKMNPQRSTUVWXYZ$7-Zip SFX$7ZipSfx.%03x$:$AutoInstall$BeginPrompt$BeginPromptTimeout$Delete$ExecuteFile$ExecuteParameters$FinishMessage$GUIFlags$GUIMode$HelpText$InstallPath$MiscFlags$OverwriteMode$RunProgram$SelfDelete$SetEnvironment$SfxAuthor$SfxString%d$SfxVarCmdLine0$SfxVarCmdLine1$SfxVarCmdLine2$SfxVarModulePlatform$SfxVarSystemLanguage$SfxVarSystemPlatform$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$amd64$bpt$del$forcenowait$hidcon$i386$nowait$setup.exe$sfxconfig$sfxelevation$sfxlang$sfxtest$sfxversion$sfxwaitall$shc$waitall$x64$x86
            • API String ID: 3747563368-1559077127
            • Opcode ID: 4ef42f46e25c75f399746fa4bbb1b5ad56f32420e56fd404ebd352ac327b6c5f
            • Instruction ID: db551c5363eaed7a2341ab669c1e9c118c0dded1f732eccb4f1a25bb0e919439
            • Opcode Fuzzy Hash: 4ef42f46e25c75f399746fa4bbb1b5ad56f32420e56fd404ebd352ac327b6c5f
            • Instruction Fuzzy Hash: 02238FB260468181EA73EB17F4513EAA3A1F78D7D0F858016FB8A476B6DB7CC985C701
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Similarity
            • API ID: Item$Window$??3@$EnableLongMenuShowText$CreateFocusInstanceMessageSendSystemTimer
            • String ID:
            • API String ID: 2865198823-0
            • Opcode ID: 5ce78dd444096b8786c346c29929ee32c62203d06813a0206295d19df5ea6e21
            • Instruction ID: 079c7ac86b116e49045ffb4edc75684c67d86df7d9bfec031532efdebc40771f
            • Opcode Fuzzy Hash: 5ce78dd444096b8786c346c29929ee32c62203d06813a0206295d19df5ea6e21
            • Instruction Fuzzy Hash: D6612675700A5182EB16EB23F8543AA63A1FB8DBC4F548029AF5A47B76CF3DD8468700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Similarity
            • API ID: ??2@$memset
            • String ID:
            • API String ID: 1860491036-0
            • Opcode ID: 754dafb53211b6b89d7064efe52fa548b32d53189381823beab15babbee0611b
            • Instruction ID: ed1fc53f798cd692ea34d8e720e547a4d58ead03ce6a790df6d4e213704e53ff
            • Opcode Fuzzy Hash: 754dafb53211b6b89d7064efe52fa548b32d53189381823beab15babbee0611b
            • Instruction Fuzzy Hash: DC920A36209AC486DB71DF26E4907DEB3A0F789B84F944116EB8E47BA5DF39C549CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Strings
            Similarity
            • API ID: Resource$Load$AddressFindLibraryProc$HandleLockModuleSizeofwsprintf
            • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages$kernel32
            • API String ID: 2639302590-365843014
            • Opcode ID: a2f189bdfd28608f52dff0fd3af26c1fbaefb9dd969611c1fe3c02c1d799a4c5
            • Instruction ID: f6dca357354e6560be330941fd006cb1e74769c1960c74121044c9e71c2572c5
            • Opcode Fuzzy Hash: a2f189bdfd28608f52dff0fd3af26c1fbaefb9dd969611c1fe3c02c1d799a4c5
            • Instruction Fuzzy Hash: 7E310E71301A01C6EF569B13B8487A863A0B74CFD5F898129AE4E47774EF38D949CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$FileTime$??2@AttributesSystemlstrlen
            • String ID: /$:
            • API String ID: 655742493-4222935259
            • Opcode ID: d157c9533f0f9d49ef8e3418face91079c4844c2be8b94a2e191a57bb3c86796
            • Instruction ID: f8fbb18883293c944a5223a04127ae13a98a5e64185f6a48e103599028eb0a7f
            • Opcode Fuzzy Hash: d157c9533f0f9d49ef8e3418face91079c4844c2be8b94a2e191a57bb3c86796
            • Instruction Fuzzy Hash: 1E4176F260074191FB76EF27B8057ED62A0B758BC8F049122BF46476FBDBB8C9468245
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: AddressInfoLibraryLoadNativeProcSystem
            • String ID: GetNativeSystemInfo$kernel32
            • API String ID: 2103483237-3846845290
            • Opcode ID: 169ea72a8e44f366d28411f9fb4270812fba7da24471d97dbd32d1ceaaff366f
            • Instruction ID: 12807e536fd761ecd2e755d78b37e2178466a37d5335733e22d95b3fde629c5d
            • Opcode Fuzzy Hash: 169ea72a8e44f366d28411f9fb4270812fba7da24471d97dbd32d1ceaaff366f
            • Instruction Fuzzy Hash: 65E0B634614981C2EA67AB52F8503A522A4B788B80F840119B64E432B0EF3CDA4A8600
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: AttributesErrorFileLast
            • String ID:
            • API String ID: 1799206407-0
            • Opcode ID: 732aa5cf8a0b536b1d73982889c9a663d39d9e536a769e1e128de2abf31fdd25
            • Instruction ID: f2a4ae8da89aa704bebc97db6a782c5147fdb8b6e4a3716fcaa04814ab1f2660
            • Opcode Fuzzy Hash: 732aa5cf8a0b536b1d73982889c9a663d39d9e536a769e1e128de2abf31fdd25
            • Instruction Fuzzy Hash: 130175F020490581FB62CB23F8443E91350A78EBF4F544324FB76472F6EE79C8488A06
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@
            • String ID:
            • API String ID: 1033339047-0
            • Opcode ID: b8ce4e3a7f9cda4a03bc003810d2454121b1d52160f0f282c9a5e923796ff970
            • Instruction ID: f66374e12b2ef1ee8c20eee0e254ebf10d7c98769e3fdc09a342321545d7bcfe
            • Opcode Fuzzy Hash: b8ce4e3a7f9cda4a03bc003810d2454121b1d52160f0f282c9a5e923796ff970
            • Instruction Fuzzy Hash: 21526E36218B8082DB65DF26E4907EEB7A0F788BD4F144116EF8A4BBA5DF39C455CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@DiskFreeMessageReadSendSpaceWindow
            • String ID:
            • API String ID: 1707747161-0
            • Opcode ID: 34a6eb46a1e37af6cfcb9f0952c6949315762cfb0f2351f1f41dadfaf1e27716
            • Instruction ID: 4832e38faedfc34bcfc9005da668c70e8bca9e0630ae1cf6d573793ac2f8c69a
            • Opcode Fuzzy Hash: 34a6eb46a1e37af6cfcb9f0952c6949315762cfb0f2351f1f41dadfaf1e27716
            • Instruction Fuzzy Hash: 1A018B7162054282FB12DB62B8187D523A0EBCD3C4F804419FB4A87AB4DFB9C8568B01
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionHandlerVectored
            • String ID:
            • API String ID: 3310709589-0
            • Opcode ID: 29db9e29e85a20634c378d6f7e594186e95775e4190722e96d78594e3bd7500c
            • Instruction ID: 11c84ac962bfac1d3e3f6bf1921e280f4780a080860a21bfcd0e6c9db30b0d65
            • Opcode Fuzzy Hash: 29db9e29e85a20634c378d6f7e594186e95775e4190722e96d78594e3bd7500c
            • Instruction Fuzzy Hash: B8C02BB0700204C1FF1A4BB3B4413D412209B0C7C0F486025DE160F320C93CC1D98710
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionFilterUnhandled
            • String ID:
            • API String ID: 3192549508-0
            • Opcode ID: 12a09a6572b507f28eb06b83899dc6345859f3a02e273289c0f5a8ab2bbb5133
            • Instruction ID: 8a2cfb7a60becd5b6d388a39692cd0d19847975afaf430174f4ae598c23b6f62
            • Opcode Fuzzy Hash: 12a09a6572b507f28eb06b83899dc6345859f3a02e273289c0f5a8ab2bbb5133
            • Instruction Fuzzy Hash: F2B01230B11810D1D705AB23ECC13C012A0675C350FD10419D30D82130DA3CC9DF8B04
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 849 14000c7f4-14000c82a 850 14000c8ba-14000c8be 849->850 851 14000c830-14000c8b4 GetModuleHandleW LoadIconW GetSystemMetrics * 2 GetModuleHandleW LoadImageW SendMessageW * 2 849->851 852 14000c8c4-14000c946 GetDlgItem * 2 GetWindowLongPtrW SetWindowLongPtrW GetDlgItem * 2 GetWindowLongPtrW SetWindowLongPtrW 850->852 853 14000c94c-14000c988 GetDlgItem SetWindowTextW call 140005d88 call 14000bd78 850->853 851->850 852->853 858 14000ca2a-14000ca3f call 140002bb4 call 14000b590 853->858 859 14000c98e-14000c991 853->859 877 14000ca44 858->877 860 14000c993-14000c996 859->860 861 14000c9fe-14000ca28 call 140002bb4 call 14000b590 call 14000a8d4 859->861 863 14000c9c5-14000c9ea call 140002bb4 call 14000b590 call 14000a8d4 860->863 864 14000c998-14000c99b 860->864 868 14000ca5e-14000ca62 861->868 912 14000c9ef-14000c9fc call 14000a6c4 863->912 867 14000c9a1-14000c9c0 call 140002bb4 call 14000b590 864->867 864->868 884 14000ca49-14000ca59 call 140002bb4 call 14000b590 867->884 872 14000cb12-14000cb1b 868->872 873 14000ca68-14000ca7c GetWindow 868->873 881 14000cb1d-14000cb20 872->881 882 14000cb4f-14000cb5a GetModuleHandleW 872->882 878 14000ca91-14000ca97 873->878 877->884 888 14000ca99-14000caab GetWindow 878->888 889 14000ca7e-14000ca8b call 140005d88 GetWindow 878->889 890 14000cb22-14000cb25 881->890 891 14000cb48-14000cb4d 881->891 885 14000cb5d-14000cb69 LoadIconW 882->885 884->868 895 14000cb94-14000cba3 call 14000a8d4 885->895 896 14000cb6b-14000cb92 GetDlgItem SendMessageW 885->896 900 14000cad5-14000cadb 888->900 901 14000caad-14000cab8 call 1400041b0 888->901 889->878 902 14000cb41-14000cb46 890->902 903 14000cb27-14000cb2a 890->903 894 14000cb36-14000cb38 891->894 894->885 906 14000cba8-14000cbaf 895->906 896->906 913 14000caea-14000caf6 GetWindow 900->913 925 14000cac2-14000cac4 901->925 926 14000caba-14000cac0 901->926 902->894 910 14000cb3a-14000cb3f 903->910 911 14000cb2c-14000cb2f 903->911 917 14000cbb1-14000cbb4 call 14000af14 906->917 918 14000cbb9-14000cbc7 call 14000b4b4 906->918 910->894 911->895 920 14000cb31 911->920 912->868 915 14000caf8-14000caff 913->915 916 14000cadd-14000cae7 call 140002968 913->916 922 14000cb05-14000cb0d call 14000af14 915->922 923 14000cbce-14000cbf0 call 14000a858 915->923 916->913 917->918 936 14000cbca call 14000aa68 918->936 937 14000cbca call 14000b39c 918->937 920->894 922->923 932 14000cac7-14000cad3 GetWindow 925->932 926->932 932->900 932->901 936->923 937->923
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Window$Item$MessageSend$LongText$??3@HandleLoadModule$IconMetricsSystem$ImageLengthShow
            • String ID:
            • API String ID: 1297775559-0
            • Opcode ID: 230b22909ceeb94f0608847938a818cc85bee1bbae042fdbb68d371aadd9d1da
            • Instruction ID: 1908e9196fab05edd893eeec3b7530b3d652cf60547ec149697d6d8dd5479fb9
            • Opcode Fuzzy Hash: 230b22909ceeb94f0608847938a818cc85bee1bbae042fdbb68d371aadd9d1da
            • Instruction Fuzzy Hash: 4DB17EB571168086FB56EF23B8157E92391E78DBC8F184029BF0A4BBA6DF3CC8059340
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$File$AttributesChangeCloseCreateDriveExecuteFindNotificationShellTypeWrite
            • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:$:Repeat$\$del "$if exist "$open
            • API String ID: 468898492-2163742583
            • Opcode ID: 5111a49f367fcdcbf87e6656306f522d5f19602045a4121188601974b1e97d08
            • Instruction ID: c2acf72f743c7c88f75e501aed890f389f98254632e1fdf2c35ab60dd80480a0
            • Opcode Fuzzy Hash: 5111a49f367fcdcbf87e6656306f522d5f19602045a4121188601974b1e97d08
            • Instruction Fuzzy Hash: BB518972214A8092EB12DB22F4807EAA370F7C97C4F908115F78D479A9DFB9CA09CB41
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 979 14000aa68-14000aabe GetDlgItem GetWindowLongPtrW 980 14000aaf8 979->980 981 14000aac0-14000aaf6 GetDlgItem call 1400025e0 979->981 983 14000ab00-14000ab23 GetDlgItem GetWindowLongPtrW 980->983 981->983 985 14000ab25-14000ab56 GetDlgItem call 1400025e0 983->985 986 14000ab5d-14000ab5f 983->986 985->986 988 14000ab61-14000ab64 986->988 989 14000ab73-14000ab75 986->989 988->989 993 14000ab66-14000ab69 988->993 990 14000ab77-14000ab79 989->990 991 14000ab90-14000ab98 989->991 994 14000ab87-14000ab8c 990->994 995 14000ab7b-14000ab7e 990->995 996 14000ab9a 991->996 997 14000ab9e-14000ac01 GetSystemMetrics * 4 GetParent 991->997 998 14000ab6b-14000ab6e 993->998 999 14000ab70 993->999 994->991 995->994 1000 14000ab80-14000ab85 995->1000 996->997 1001 14000ac72-14000aca3 SetWindowPos 997->1001 1002 14000ac03-14000ac42 GetClientRect ClientToScreen * 2 997->1002 998->989 999->989 1000->991 1005 14000ad32-14000ad4c 1001->1005 1006 14000aca9-14000acfd call 14000aa08 GetDlgItem call 1400025e0 1001->1006 1003 14000ac52-14000ac5d 1002->1003 1004 14000ac44-14000ac4f 1002->1004 1008 14000ac6b-14000ac6f 1003->1008 1009 14000ac5f-14000ac69 1003->1009 1004->1003 1007 14000ad50-14000ad66 call 14000aa08 1005->1007 1018 14000ad0b 1006->1018 1019 14000acff-14000ad09 1006->1019 1016 14000ae2a-14000ae63 GetSystemMetrics * 2 1007->1016 1017 14000ad6c-14000ad7d GetClientRect 1007->1017 1008->1001 1009->1008 1020 14000adf5-14000ae1f 1017->1020 1021 14000ad7f-14000ad82 1017->1021 1023 14000ad0e-14000ad30 1018->1023 1019->1023 1022 14000ae22-14000ae25 call 14000aa08 1020->1022 1021->1020 1024 14000ad84-14000adb6 call 14000aa08 1021->1024 1022->1016 1023->1007 1027 14000adbb-14000adf3 GetDlgItem call 1400025e0 1024->1027 1027->1022
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Item$ClientMetricsSystem$Window$Screen$Rect$LongParent
            • String ID:
            • API String ID: 3236151763-0
            • Opcode ID: 025e47d761893ee3653c3497d4f0533d9b1854fe2d563d47e8164a9c013cf852
            • Instruction ID: 369a408b8412ce97b511fc1b5ae79844d77352fe4683048695a2f3e38f7c1b89
            • Opcode Fuzzy Hash: 025e47d761893ee3653c3497d4f0533d9b1854fe2d563d47e8164a9c013cf852
            • Instruction Fuzzy Hash: D8C19AB66146418BD725DF2AF44479EBBA1F38D784F104129EF8A83B68DB7DE845CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1392 140001eac-140001ee2 1393 140001ee4-140001ee9 1392->1393 1394 140001eee-140001ef5 1392->1394 1395 140002326-140002347 1393->1395 1396 140001f01-140001f2c 1394->1396 1397 140001ef7-140001efd 1394->1397 1400 140001f32-140001f57 call 1400011b4 1396->1400 1401 14000231a-140002324 call 140018358 1396->1401 1397->1396 1406 140001f5d-140001f62 1400->1406 1407 140002300-14000230e 1400->1407 1401->1395 1406->1407 1408 140001f68-140001f94 call 1400014a0 call 140001974 1406->1408 1412 140002310-140002315 ??3@YAXPEAX@Z 1407->1412 1415 140001f96-140001fb0 call 1400011b4 1408->1415 1416 140001fcf-140001fdc ??3@YAXPEAX@Z 1408->1416 1412->1401 1423 140001fb4-140001fc7 1415->1423 1418 140001fe2-14000200b 1416->1418 1419 1400022e4 1416->1419 1427 140002011-14000201a 1418->1427 1428 1400022d8-1400022e2 call 140018358 1418->1428 1420 1400022e8-1400022fe ??3@YAXPEAX@Z call 140018358 1419->1420 1420->1395 1423->1423 1426 140001fc9-140001fcc 1423->1426 1426->1416 1430 140002022-140002026 1427->1430 1431 14000201c-140002020 1427->1431 1428->1412 1433 140002028 1430->1433 1434 14000203b-14000203f 1430->1434 1432 140002042-14000205f 1431->1432 1432->1428 1439 140002065-140002091 1432->1439 1436 14000202d-140002036 1433->1436 1434->1432 1440 1400022d6 1436->1440 1439->1428 1442 140002097-14000209f 1439->1442 1440->1428 1443 1400020a1-1400020a4 1442->1443 1444 1400020bb-1400020d2 GetLocalTime SystemTimeToFileTime 1442->1444 1446 1400020a6-1400020ab 1443->1446 1447 1400020ad-1400020b9 1443->1447 1445 1400020d8-1400020e0 1444->1445 1448 1400020e2-1400020ea call 140004c64 1445->1448 1449 1400020fa-140002105 call 140004620 1445->1449 1446->1436 1447->1445 1454 1400022a6-1400022bd call 140018358 ??3@YAXPEAX@Z 1448->1454 1455 1400020f0-1400020f5 1448->1455 1456 14000210b-14000210e 1449->1456 1457 1400022bf-1400022d0 GetLastError 1449->1457 1454->1401 1455->1436 1459 1400022a2 1456->1459 1460 140002114-140002124 ??2@YAPEAX_K@Z 1456->1460 1457->1440 1459->1454 1462 140002126-140002139 1460->1462 1463 14000213b 1460->1463 1464 14000213e-140002145 1462->1464 1463->1464 1465 140002147-14000214a 1464->1465 1466 140002150-140002163 call 140018224 1464->1466 1465->1466 1468 140002168-14000216b 1466->1468 1469 140002271-140002274 1468->1469 1470 140002171-140002199 GetLastError call 1400011b4 1468->1470 1472 140002276-140002279 1469->1472 1473 14000227f-140002286 1469->1473 1478 14000219e-1400021b1 1470->1478 1472->1473 1474 140002288 1473->1474 1475 14000228e-1400022a0 call 140018358 1473->1475 1474->1475 1475->1420 1478->1478 1480 1400021b3-1400021ca call 1400040c8 1478->1480 1483 1400021cc-1400021d7 1480->1483 1484 140002200-14000221c call 140004c64 1480->1484 1487 1400021dd-1400021ec ??3@YAXPEAX@Z 1483->1487 1488 14000222e-140002249 call 140018224 1484->1488 1489 14000221e-14000222c 1484->1489 1487->1428 1490 1400021f2-1400021fb 1487->1490 1495 140002267-14000226c ??3@YAXPEAX@Z 1488->1495 1496 14000224b-140002262 GetLastError 1488->1496 1489->1487 1490->1428 1495->1469 1496->1487
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: e98ab00b73688e068dea67750d4801ea79e1c4a600f14e831cb8fa7c40ff978b
            • Instruction ID: e9a6f6f0e99161eb75aa7f14f9fa2e7700f4eecc7ee99dc7bf13f8221d623660
            • Opcode Fuzzy Hash: e98ab00b73688e068dea67750d4801ea79e1c4a600f14e831cb8fa7c40ff978b
            • Instruction Fuzzy Hash: 93D14A76214A8482DB61DF66E0803EEB7A1F788BD0F504112FB8A57BB5DF39C956C701
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1498 14002328c-1400232bd GetStartupInfoW 1499 1400232bf-1400232ca 1498->1499 1500 1400232e5-1400232ee 1499->1500 1501 1400232cc-1400232cf 1499->1501 1502 1400232fa-140023302 1500->1502 1503 1400232f0-1400232f8 _amsg_exit 1500->1503 1504 1400232d1-1400232d6 1501->1504 1505 1400232d8-1400232e3 Sleep 1501->1505 1507 140023304-140023321 1502->1507 1508 140023355 1502->1508 1506 14002335f-140023368 1503->1506 1504->1500 1505->1499 1509 140023387-140023389 1506->1509 1510 14002336a-14002337d _initterm 1506->1510 1511 140023325-140023328 1507->1511 1508->1506 1512 140023394-14002339c 1509->1512 1513 14002338b-14002338d 1509->1513 1510->1509 1514 140023347-140023349 1511->1514 1515 14002332a-14002332c 1511->1515 1516 1400233bd-1400233cc 1512->1516 1517 14002339e-1400233ac call 140023698 1512->1517 1513->1512 1514->1506 1519 14002334b-140023350 1514->1519 1515->1514 1518 14002332e-140023334 1515->1518 1523 1400233d0-1400233d3 1516->1523 1517->1516 1528 1400233ae-1400233b5 1517->1528 1521 140023336 call 140023600 1518->1521 1522 14002333c-140023345 1518->1522 1524 1400234a9-1400234be 1519->1524 1531 140023338 1521->1531 1522->1511 1526 140023448-14002344b 1523->1526 1527 1400233d5-1400233d8 1523->1527 1529 14002345a-140023465 _ismbblead 1526->1529 1530 14002344d-140023456 1526->1530 1532 1400233da-1400233dc 1527->1532 1533 1400233de-1400233e1 1527->1533 1528->1516 1534 140023467-14002346a 1529->1534 1535 14002346f-140023477 1529->1535 1530->1529 1531->1522 1532->1526 1532->1533 1536 1400233e3-1400233e6 1533->1536 1537 1400233f2-140023427 call 14000a34c 1533->1537 1534->1535 1535->1523 1535->1524 1536->1537 1539 1400233e8-1400233f0 1536->1539 1541 140023431-140023438 1537->1541 1542 140023429-14002342b exit 1537->1542 1539->1533 1543 140023446 1541->1543 1544 14002343a-140023440 _cexit 1541->1544 1542->1541 1543->1524 1544->1543
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: InfoSleepStartup_amsg_exit_cexit_initterm_ismbbleadexit
            • String ID: MZ`
            • API String ID: 4226152999-2330268423
            • Opcode ID: ed595b863fa2b2b2b1a30745f0382519c85c7d08017929ca237b7209b8ed5393
            • Instruction ID: d6a55b3e83bdc9c209881f0a881d1bc4d9882899e88dd1fca6d04e187958d7bd
            • Opcode Fuzzy Hash: ed595b863fa2b2b2b1a30745f0382519c85c7d08017929ca237b7209b8ed5393
            • Instruction Fuzzy Hash: 3D51343261568086F763DB22E9543EA77A4F74CBD0F440019FB4A936B0DB78CE84CB02
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessageTimerWindow$CreateDestroyDispatchHandleKillModule
            • String ID: Static
            • API String ID: 1156981321-2272013587
            • Opcode ID: 8b5d70c0ab82d035e66b0e25e51935182117c4989160dc9bb5dd70cc523b7953
            • Instruction ID: d0d38201065a0f6c45c2d774da11ab6e4765d6954ce13fe1e266fe3997452c5a
            • Opcode Fuzzy Hash: 8b5d70c0ab82d035e66b0e25e51935182117c4989160dc9bb5dd70cc523b7953
            • Instruction Fuzzy Hash: 53115E32614B8587E765CF76F85579A77A0FB8C785F400229BB8A87A65EF3CC448CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@Item$??2@MessageSendTextWindowwsprintf
            • String ID: %d%%
            • API String ID: 2523864657-1518462796
            • Opcode ID: 7a1e47a64a861bb18f74371ded62823702c003e5eb072c254bd3990f658e8273
            • Instruction ID: ee99228d9c6b07caf3aa755007f199285e8574d04f769176d592a10f0abc269a
            • Opcode Fuzzy Hash: 7a1e47a64a861bb18f74371ded62823702c003e5eb072c254bd3990f658e8273
            • Instruction Fuzzy Hash: 0A4147B6625A8082EB56DB17E8843D96361F78CBC4F849026FF4A477A6DF3CD915C700
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 1629 14000a910-14000a94a GetDC 1630 14000a9e7-14000aa05 1629->1630 1631 14000a950-14000a9bf GetSystemMetrics * 3 SelectObject DrawTextW 1629->1631 1632 14000a9c1 1631->1632 1633 14000a9c5-14000a9c8 1631->1633 1632->1633 1634 14000a9ca 1633->1634 1635 14000a9cd-14000a9e1 SelectObject ReleaseDC 1633->1635 1634->1635 1635->1630
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MetricsSystem$ObjectSelect$DrawReleaseText
            • String ID:
            • API String ID: 2466489532-0
            • Opcode ID: 212ebf79ee84d7d1206f2bd4f633f06da61df4060c7ba716baeaa0a612a14154
            • Instruction ID: 6fdc208c196e79815fa99ac3444dcdc670a98afdbec5e2efd68a2c8f262fee81
            • Opcode Fuzzy Hash: 212ebf79ee84d7d1206f2bd4f633f06da61df4060c7ba716baeaa0a612a14154
            • Instruction Fuzzy Hash: B9213B76600A949BD705DF63E94479AB7A0F348BD8F508518EF5643B64CF3CE4A6CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystemmemcpy
            • String ID:
            • API String ID: 2693764856-0
            • Opcode ID: 75830c3599faa66da3a2a5566216bdd716f4cc8a0b673d9ba80179367551409f
            • Instruction ID: b5a02b2fd7d579394d0b4a516212713012cfd4d14319e6251bb4a295acc5d9a5
            • Opcode Fuzzy Hash: 75830c3599faa66da3a2a5566216bdd716f4cc8a0b673d9ba80179367551409f
            • Instruction Fuzzy Hash: 7C317E7620478086E7669F22F8147DA73A4F78CBC4F444029EB8A43B64DF7CC945CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionThrow$??3@
            • String ID:
            • API String ID: 3542664073-0
            • Opcode ID: 09cb88822c40286a4243dbc931dd126553488028dac59cb05aaf1b2b78d99b7f
            • Instruction ID: af14aa8b64514ce2e07e2698f8e589b1a5022d734576afd1b2c0c6a739d0f158
            • Opcode Fuzzy Hash: 09cb88822c40286a4243dbc931dd126553488028dac59cb05aaf1b2b78d99b7f
            • Instruction Fuzzy Hash: EEA19C32208BC592EA62DB56E5443DEB764FB987C0F40051AFB8D47BAADF38C959C700
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: memcpy$??3@$??2@
            • String ID:
            • API String ID: 3516945703-0
            • Opcode ID: 0fed28a95f6e67d2c8ed636bd7e374487fedc9119edf4c3f38359bae781cb006
            • Instruction ID: cab2f284b1ac7b0065801a45e3e5ffcbb27f7237741dfbe3d19e62b1e34d98d2
            • Opcode Fuzzy Hash: 0fed28a95f6e67d2c8ed636bd7e374487fedc9119edf4c3f38359bae781cb006
            • Instruction Fuzzy Hash: 2C51DE3230468096EB26CF27E080BDE2795FB89BC4F894026EF0D4B7A5DF3AD9058701
            Uniqueness

            Uniqueness Score: -1.00%

            Control-flow Graph

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$lstrlenmemcmp$??2@memcpy
            • String ID: amd64$x64
            • API String ID: 2116704905-3265184354
            • Opcode ID: ec4c4eec92d58ce735ce6cc372901221ff938103c1975b9c3afbcbf5ded7a40b
            • Instruction ID: 858c2603046fe0cde43b8e0567e61fbb2fe352125c52bba6d22330217fc3f120
            • Opcode Fuzzy Hash: ec4c4eec92d58ce735ce6cc372901221ff938103c1975b9c3afbcbf5ded7a40b
            • Instruction Fuzzy Hash: 79614976614B8596DB11EF22B4407DEB3A5F7897C8F849026FB8907769CE39C949CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • #17.COMCTL32 ref: 0000000140005E36
              • Part of subcall function 0000000140002B44: GetUserDefaultUILanguage.KERNEL32(?,?,?,?,0000000140002CE8), ref: 0000000140002B54
              • Part of subcall function 0000000140002BB4: GetLastError.KERNEL32 ref: 0000000140002C1B
              • Part of subcall function 0000000140002BB4: wsprintfW.USER32 ref: 0000000140002C32
              • Part of subcall function 0000000140002BB4: GetEnvironmentVariableW.KERNEL32 ref: 0000000140002C42
              • Part of subcall function 0000000140002BB4: GetLastError.KERNEL32 ref: 0000000140002C4A
              • Part of subcall function 0000000140002BB4: ??2@YAPEAX_K@Z.MSVCRT ref: 0000000140002C69
              • Part of subcall function 0000000140002BB4: GetEnvironmentVariableW.KERNEL32 ref: 0000000140002C7D
              • Part of subcall function 0000000140002BB4: GetLastError.KERNEL32 ref: 0000000140002C87
              • Part of subcall function 0000000140002BB4: lstrcmpiW.KERNEL32 ref: 0000000140002C9E
              • Part of subcall function 0000000140002BB4: ??3@YAXPEAX@Z.MSVCRT ref: 0000000140002CAD
              • Part of subcall function 0000000140002BB4: SetLastError.KERNEL32 ref: 0000000140002CC3
              • Part of subcall function 0000000140002BB4: lstrlenA.KERNEL32 ref: 0000000140002CF8
              • Part of subcall function 0000000140002BB4: ??2@YAPEAX_K@Z.MSVCRT ref: 0000000140002D15
              • Part of subcall function 0000000140002BB4: GetLocaleInfoW.KERNEL32 ref: 0000000140002D4B
              • Part of subcall function 0000000140002BB4: _wtol.MSVCRT ref: 0000000140002D5D
              • Part of subcall function 0000000140002BB4: MultiByteToWideChar.KERNEL32 ref: 0000000140002D8D
            • SHGetSpecialFolderPathW.SHELL32 ref: 0000000140005EDF
            • wsprintfW.USER32 ref: 0000000140005EF8
              • Part of subcall function 00000001400044D4: ??2@YAPEAX_K@Z.MSVCRT ref: 0000000140004545
              • Part of subcall function 00000001400044D4: ??3@YAXPEAX@Z.MSVCRT ref: 00000001400045BF
              • Part of subcall function 00000001400044D4: ??3@YAXPEAX@Z.MSVCRT ref: 00000001400045C9
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast$??2@??3@$EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
            • String ID: SfxFolder%02d
            • API String ID: 3019347271-528147737
            • Opcode ID: 5e04a7a79fe4429cfa42dadccbaaf6a8f015b2ae2ced68cab7a373acd5794ecd
            • Instruction ID: 7ef698dd5e6699704ad77cf79c85a1a8b12948f7c29a833cdc5a375579afbdaf
            • Opcode Fuzzy Hash: 5e04a7a79fe4429cfa42dadccbaaf6a8f015b2ae2ced68cab7a373acd5794ecd
            • Instruction Fuzzy Hash: 0B3129B2600B8582FB26EB52F8957D92360F7897C4F404029F7890B7B6EF79C954C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: lstrlenmemcmp$memcpy
            • String ID:
            • API String ID: 4028117624-0
            • Opcode ID: e61e7cd68d7093f4e5a67f569cf27875338d7cf8ea487269455bbe03944e1053
            • Instruction ID: 6a2b3e63620bd6df988fbf07d4f22db1189dba812221ae4ed225a5cfa453c9d2
            • Opcode Fuzzy Hash: e61e7cd68d7093f4e5a67f569cf27875338d7cf8ea487269455bbe03944e1053
            • Instruction Fuzzy Hash: 8C41B2B371858082D722DF5BB8807DEB655B399BC4F544026FFC983B69EA78C9898700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: FormatMessagelstrcpylstrlen$??2@??3@CreateErrorFreeLastLocalObjectSingleThreadWaitwvsprintf
            • String ID:
            • API String ID: 359084233-0
            • Opcode ID: b6197c98bc005501fa2e1716cbaabd79c9b7341934d991dbd4dc0e7a568260a6
            • Instruction ID: 27d848ed42aebee92a4011adddb7b2aaace4ff63501981991b1408dc0c656728
            • Opcode Fuzzy Hash: b6197c98bc005501fa2e1716cbaabd79c9b7341934d991dbd4dc0e7a568260a6
            • Instruction Fuzzy Hash: 47417CB1254A0482FB2ACF57F8447E972A1FB8C7C4F648129FB4647AF4EB79C9418B01
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: PathTemp$??2@??3@AttributesFilewsprintf
            • String ID:
            • API String ID: 51045435-0
            • Opcode ID: 372883a48bc59b80761ec0e1d9cde3a8fbb5548a572dbf835d8af5daa7977482
            • Instruction ID: 2747d159bf7277949935cb4fba0d2b6d855d351c5a4bb5df8e8923f6663874f5
            • Opcode Fuzzy Hash: 372883a48bc59b80761ec0e1d9cde3a8fbb5548a572dbf835d8af5daa7977482
            • Instruction Fuzzy Hash: 8E318DB3610A4086EB12DF26E89139D73A2F798FD5F05D015EB0A5B3A9DB39D882C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Item$MetricsSystem$ClientLongRectWindow
            • String ID:
            • API String ID: 2818034528-0
            • Opcode ID: 643f2e51a7e994640d157db5d00295b4a2b3d1e7ddbb431dc2ebd41bfbea7cda
            • Instruction ID: 9ed6c8e37730cbddc61f1c54344563a69f3f242d93f6c81de5cfff2f4b9b3693
            • Opcode Fuzzy Hash: 643f2e51a7e994640d157db5d00295b4a2b3d1e7ddbb431dc2ebd41bfbea7cda
            • Instruction Fuzzy Hash: 4B21667260464087EB11EB26F44078ABBA1F7CABD8F244215FB9857BA9CB3DD941CB44
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
            • String ID:
            • API String ID: 1900162674-0
            • Opcode ID: b6ca30374ed028c7f038b40dc9744ed113779794d33a9d0887d5051d2b3d9e53
            • Instruction ID: 5ef3e011ceba434435382d4f3344423d473e7240348f60068a6af8f641b29f0a
            • Opcode Fuzzy Hash: b6ca30374ed028c7f038b40dc9744ed113779794d33a9d0887d5051d2b3d9e53
            • Instruction Fuzzy Hash: CC21277660468097D351CF12F888B9AB7A1F788BC4F558125FF5A43B68DB38D946CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@TextWindow$Length
            • String ID:
            • API String ID: 2308334395-0
            • Opcode ID: 105e684ef15643b8deb3fd5b083e3443adf536ba9838d5972069230a3aba27dc
            • Instruction ID: c6042e238f6d5bcaae7a22b62415e518ecf74784a4012f6ef476573d8baa93b1
            • Opcode Fuzzy Hash: 105e684ef15643b8deb3fd5b083e3443adf536ba9838d5972069230a3aba27dc
            • Instruction Fuzzy Hash: EC01DAB222458592DE12EB12F8913DA6320FBDD784F805122FB8D475BADE7CCA19CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@TextWindow$Item$Length
            • String ID:
            • API String ID: 4031798017-0
            • Opcode ID: f946bd3d82d6762de180bf62ed1a17fb003f2ae37c7c078ffe808206a346cabd
            • Instruction ID: f2e7a972c93cfe19f5f90a5de08a3d268fbff9f9fd9ff7ba848afb97885aaba9
            • Opcode Fuzzy Hash: f946bd3d82d6762de180bf62ed1a17fb003f2ae37c7c078ffe808206a346cabd
            • Instruction Fuzzy Hash: BEF05E35700B9082EB15EB23F8443696360FB8CFC0F548429AF5E47B25DE38C8518700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast$AttributesCreateDirectoryFile
            • String ID:
            • API String ID: 635176117-0
            • Opcode ID: 2e72eff63048d5be1a137730bfc303a42d9ebbc38b115248ad16f29b83008764
            • Instruction ID: 941f0f6c93d4fe9cb2f68f3b71bb04260c7cb6d7fca5935110114c9f6ad7ed66
            • Opcode Fuzzy Hash: 2e72eff63048d5be1a137730bfc303a42d9ebbc38b115248ad16f29b83008764
            • Instruction Fuzzy Hash: CFF06DB060460282FB6AD77778093FC2295AB9DBD1F990824F7268B1F0EF3C8E854600
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@
            • String ID:
            • API String ID: 1033339047-0
            • Opcode ID: 0931507443d6beb5a26d35151831a05a806604f2c30b384a50b542bfb01cee52
            • Instruction ID: 18368b84559fe52b797553ab10825a645127ce042fc940a1ff3d3d74138d48a9
            • Opcode Fuzzy Hash: 0931507443d6beb5a26d35151831a05a806604f2c30b384a50b542bfb01cee52
            • Instruction Fuzzy Hash: AA5103B6215A8582EB5ADF27E5503ED63A1BBCDBC4F44802AEF0A477B4DF38C9058700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@
            • String ID:
            • API String ID: 4113381792-0
            • Opcode ID: c8c9bb79b1bf3efdb9ae2a2846766a3f6b1418794eeac664f8b7a7e974b0e512
            • Instruction ID: 6673555f7bade080fbe1112363bc78707da94d2d1b9e163b3019869a8437c1e7
            • Opcode Fuzzy Hash: c8c9bb79b1bf3efdb9ae2a2846766a3f6b1418794eeac664f8b7a7e974b0e512
            • Instruction Fuzzy Hash: 05313E72614A4086EB52EF22E4953DE73A1F78DBC0F944125FB4D87BAADE38C905CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: 8f5bf36786b7a45fdfe7a3f9f5718dc96fedc90bc733df27a9c6dc8f0856823f
            • Instruction ID: fbb809cce0bcb385a085d9411b91318afdc9c14bdc8ceb4f7dfb5f4d013c2e71
            • Opcode Fuzzy Hash: 8f5bf36786b7a45fdfe7a3f9f5718dc96fedc90bc733df27a9c6dc8f0856823f
            • Instruction Fuzzy Hash: AE219D3271068486E361CF1BE581B9EB364F788BD4F688425FF4847B66CB38D9528B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MetricsSystem$Item
            • String ID:
            • API String ID: 56695849-0
            • Opcode ID: eb22a1c543e4b1617927f3f26526e1edbe9f69337d71829e8a18da452aa58342
            • Instruction ID: a07e11810b967e23bad0553dbc1f8a25a03c1330a99bb6e080e7b544c44f4e48
            • Opcode Fuzzy Hash: eb22a1c543e4b1617927f3f26526e1edbe9f69337d71829e8a18da452aa58342
            • Instruction Fuzzy Hash: 97213773604A55CBDB50CF26E44039EB7B0F388F99F058116EB8953628EB78E946CF80
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: LongWindow$MessageSend
            • String ID:
            • API String ID: 2178440468-0
            • Opcode ID: 5e77a48b9390bfecb989d20b45378624cd302e26884958faafc982fa5068f24c
            • Instruction ID: b5a29ed504c0212ceecf4c7354b3e301356e5d32d3d612a452483e6c59b4c276
            • Opcode Fuzzy Hash: 5e77a48b9390bfecb989d20b45378624cd302e26884958faafc982fa5068f24c
            • Instruction Fuzzy Hash: 47013532610F908AE7548F13A880B9977A1F78EFC0F585128EF4A13B64CF38D852C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Window$ParentRect
            • String ID:
            • API String ID: 4286822721-0
            • Opcode ID: 7aed9bf43e54fcdfd56c3e04cddae3b643a27c953486d2c787dc8b4dde8ded6c
            • Instruction ID: 5af7d319ebe9c9f9547611065177959ae22408f7e8b6a6c786e068d2d0f5a45d
            • Opcode Fuzzy Hash: 7aed9bf43e54fcdfd56c3e04cddae3b643a27c953486d2c787dc8b4dde8ded6c
            • Instruction Fuzzy Hash: A5016272224940CBE710CF3AE84875A77B1F788B89F194114EB8887668CF3DD845CF00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: GlobalMemoryStatus
            • String ID: @
            • API String ID: 1890195054-2766056989
            • Opcode ID: 0c8148a405d0491f8f8bee87c6b59593e1dddf4b1f1ef8662aeb9e36fd4e39f7
            • Instruction ID: e0e8d83febbd95f6b33e07ff757352145e733e90624ddd0b8ca01a25266c3cf7
            • Opcode Fuzzy Hash: 0c8148a405d0491f8f8bee87c6b59593e1dddf4b1f1ef8662aeb9e36fd4e39f7
            • Instruction Fuzzy Hash: 8CF030B071714441FF67E763BA253E526A4A75D394F050518FB96472F1DBB889448600
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@
            • String ID:
            • API String ID: 4113381792-0
            • Opcode ID: 6114a1cf0c9b5fba6b60770e997c6d232c75977d0cfad6c836d8b218ace9d880
            • Instruction ID: 8afd40be470a3a8d9c230a38eb8dfb67bb16c70cef032110e56ae5b520b1479e
            • Opcode Fuzzy Hash: 6114a1cf0c9b5fba6b60770e997c6d232c75977d0cfad6c836d8b218ace9d880
            • Instruction Fuzzy Hash: 82713932204B4482EB25DB26E49039DB7B0FB88FD4F554526EB9A4BBA5CF39C959C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@
            • String ID:
            • API String ID: 1033339047-0
            • Opcode ID: daf85b05a7e210f2b91abca817817a0327310914d90ac4ce6430109b1cafb949
            • Instruction ID: 8938c7a33d25e79972656856ed1f4af85985c5348028cf9830efdc7ff641a4ed
            • Opcode Fuzzy Hash: daf85b05a7e210f2b91abca817817a0327310914d90ac4ce6430109b1cafb949
            • Instruction Fuzzy Hash: 75413776605B4082EB62DF62E5843E963A1F78DBC4F448129EB5D07BA0EF38CA55C701
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ItemMessageSend$??3@DialogTextWindowwsprintf
            • String ID:
            • API String ID: 3294831176-0
            • Opcode ID: ccd341f24d52d5ade3a8783749d759afcb342290cd9dc4ac46513fcabb57290f
            • Instruction ID: 7eb77c6dd9b52cb1aae203efd7a0c60e12f0f36231aa2cdf2a8cf8ffca969e72
            • Opcode Fuzzy Hash: ccd341f24d52d5ade3a8783749d759afcb342290cd9dc4ac46513fcabb57290f
            • Instruction Fuzzy Hash: 44216876211A9482EB54CFABE444B987360F78CFC4F288026EF4D87B69CE35C846C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: 76852fe4f132218d68ab71e6ced5b507dbe40b00dba26bbe5d7873b6fb8ee687
            • Instruction ID: b1aff4010e78743c431d5e59611608f6ca8b1ad0cc141627bd8f1a978c66b8e5
            • Opcode Fuzzy Hash: 76852fe4f132218d68ab71e6ced5b507dbe40b00dba26bbe5d7873b6fb8ee687
            • Instruction Fuzzy Hash: D2113972215B8482DA51EB12F55039EA3A0FB9DBC0F444121FF8E43BAADF38C6218B40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: HookUnhookWindows
            • String ID:
            • API String ID: 2953937349-0
            • Opcode ID: 3c3546fcae038cb0794d7b9ae0fe09a7c69f98e11c6f5d805a898245fe1a76be
            • Instruction ID: 9800168be731374f00ca817fda60fbe59995035cea47002d94ac4e94fb180046
            • Opcode Fuzzy Hash: 3c3546fcae038cb0794d7b9ae0fe09a7c69f98e11c6f5d805a898245fe1a76be
            • Instruction Fuzzy Hash: 0001C0B260190485EF67DB67E8583A827B1BB4DFC5F194115E709076B4DE7E88988300
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@??3@
            • String ID:
            • API String ID: 1936579350-0
            • Opcode ID: 3de9ed5e5e67ce5b26cba949b84d8c335606611e244a320a7dd47becb13e48e7
            • Instruction ID: 7f1f6a3972fdf26489c0ac8fef3e41d4abe5a3f8c6c0a306314698f9579e5899
            • Opcode Fuzzy Hash: 3de9ed5e5e67ce5b26cba949b84d8c335606611e244a320a7dd47becb13e48e7
            • Instruction Fuzzy Hash: AF01447261065082E750CF26E15175DB3A1E788FE9F04C215FB65477E9CA39D4A1CB50
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: DialogSleep
            • String ID:
            • API String ID: 2355613043-0
            • Opcode ID: 1cb553221fa8f9c5a90764fb7f989e42ab51d79b0e3b2f5bd109c36b9426aff5
            • Instruction ID: 3f4e43cb26f79c7ba400e7c12c40e50675289961b497b396f353671a8d16ca53
            • Opcode Fuzzy Hash: 1cb553221fa8f9c5a90764fb7f989e42ab51d79b0e3b2f5bd109c36b9426aff5
            • Instruction Fuzzy Hash: 73011D7630064486EB52DF27A5943E972A1FB887D4F598629EB5507AB4CF78CC948700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ItemWindow
            • String ID:
            • API String ID: 1669990519-0
            • Opcode ID: d5763e0e8c9a3749c79ab0511775c3be877b2006a0e2304ef9d7db526a893290
            • Instruction ID: f821960635c4a1ca73fad80cb35aec191f9d9fe11b24d5d0cb80eb2ef7e0de39
            • Opcode Fuzzy Hash: d5763e0e8c9a3749c79ab0511775c3be877b2006a0e2304ef9d7db526a893290
            • Instruction Fuzzy Hash: 00F0B776A1879087E710CF1AF48060ABBA0F7C8BE4F548119EF8993B28DB38D8418F00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorFileLastPointer
            • String ID:
            • API String ID: 2976181284-0
            • Opcode ID: 8a34d447fa3e0832555fe1b112a07d0ffd7edee1e2d5ba31b2746fb1036968b5
            • Instruction ID: 6bf7ad6728a244616a86f2ac97959c172c882fe73e7c49e6b0f97d8b25702232
            • Opcode Fuzzy Hash: 8a34d447fa3e0832555fe1b112a07d0ffd7edee1e2d5ba31b2746fb1036968b5
            • Instruction Fuzzy Hash: 80E06D77610B44D1DBA28F22E8C039963A8A75CBD0F101201FB5A477B0DA39C5D5CB10
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Dialog
            • String ID:
            • API String ID: 1120787796-0
            • Opcode ID: ab369d4f140357f1b0f79b8f19a5333c658bd91fdf8ab67524e51bb0028f1f54
            • Instruction ID: d6ac346c1cf935dde6f14bd24f281cf7bce7f0ca5abe3ffa9d7652c47deddf8e
            • Opcode Fuzzy Hash: ab369d4f140357f1b0f79b8f19a5333c658bd91fdf8ab67524e51bb0028f1f54
            • Instruction Fuzzy Hash: 7EE0657112150085E6679B3FD89839826F1E78AB84F594001D30547B78CF3F8CC8C210
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ChangeCloseErrorFindLastNotification
            • String ID:
            • API String ID: 1687624791-0
            • Opcode ID: 4c907a4584fedd663016c3e1b12b812fdd938b0251e69ca4a056dd77abf6e27a
            • Instruction ID: b67d3af4849342de1c2f95380a0c0ba73f5942846c7cf6471351c2f066b1b285
            • Opcode Fuzzy Hash: 4c907a4584fedd663016c3e1b12b812fdd938b0251e69ca4a056dd77abf6e27a
            • Instruction Fuzzy Hash: 74E012B5711A0086FF5A9BF3EC587B522D05B9CFC5F154028AF07C72A0EE7C88D55201
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ItemShowWindow
            • String ID:
            • API String ID: 3351165006-0
            • Opcode ID: 2ba84bd563e3d10343c533f13b93d188e590c2801bb12e0b99bb59907c2c7faa
            • Instruction ID: 6c02761c73bf97b72e7557279f26fa25ef68adda891ca949cb5974a3e39ec872
            • Opcode Fuzzy Hash: 2ba84bd563e3d10343c533f13b93d188e590c2801bb12e0b99bb59907c2c7faa
            • Instruction Fuzzy Hash: 89E08CB171204C86EB2A9767E4407A812E1E78CBC6F594118D71A072A0EB3C48868200
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: CriticalSection$EnterLeave
            • String ID:
            • API String ID: 3168844106-0
            • Opcode ID: cacb2d538569b4a25055d95f9d02ea92e872e3e584bc1122aa5a1093e64a0b92
            • Instruction ID: 2f91f605302ed91bac29cc9404e8debeb1d2e4b39582ef643a0ab49b64debfff
            • Opcode Fuzzy Hash: cacb2d538569b4a25055d95f9d02ea92e872e3e584bc1122aa5a1093e64a0b92
            • Instruction Fuzzy Hash: B2011636710B9482D7109F5BE48465ABB60F399FD4B599016EF8A47B24CF39D851C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@
            • String ID:
            • API String ID: 1033339047-0
            • Opcode ID: 54aa1fdacae7e4b329cd8dcf8f58995f5c33570b6df32e1b8edb81040072f406
            • Instruction ID: de66bf1336a74a20cee7eb79eccd17f9ff187ec3aef0618c95afe03dded01f57
            • Opcode Fuzzy Hash: 54aa1fdacae7e4b329cd8dcf8f58995f5c33570b6df32e1b8edb81040072f406
            • Instruction Fuzzy Hash: B841E736601B4485EB7A8F57D5543A867A0FB88FC0F588425EF9A0B7A4DF3AC994C311
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MetricsSystem$??3@
            • String ID:
            • API String ID: 2562992111-0
            • Opcode ID: 21a191cc24c5d2c523163d0ccfef709ec0f80e378e4f43f17e2451c931a2a6d6
            • Instruction ID: 3833d6c604191d48acd8f8aeef17e44d42231cfcde162414fe16a62a8026d709
            • Opcode Fuzzy Hash: 21a191cc24c5d2c523163d0ccfef709ec0f80e378e4f43f17e2451c931a2a6d6
            • Instruction Fuzzy Hash: A0212C7263468482E761CB12F890BEA6264F7987C0F844126FF8D53BA5DB3CC945CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: 11eb724de74259ef008f2539646c767acd92f5b7c5ef71f713e52d6ca86e2d33
            • Instruction ID: dccdf7ac044f05f7c7aa3d0cd51540a306e87bb835f63fd32124116bf7c98088
            • Opcode Fuzzy Hash: 11eb724de74259ef008f2539646c767acd92f5b7c5ef71f713e52d6ca86e2d33
            • Instruction Fuzzy Hash: 5901A932704A9086E252DF07A5C07AEA764F74ABD4FA84525FF0847BA6CB39D8428700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: c9979919d1db194ea95ae2375a2eb8ab4e5bc3b3969f5f9536aa72cdd967b338
            • Instruction ID: a5d43057493e11049620aeffdb34781e270f90dd965d03061198b4484d463503
            • Opcode Fuzzy Hash: c9979919d1db194ea95ae2375a2eb8ab4e5bc3b3969f5f9536aa72cdd967b338
            • Instruction Fuzzy Hash: 4001A73270069086D211CF17968075BB764F74DBD4F684525FF584BB65CB3DD852C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
              • Part of subcall function 000000014001805C: FindCloseChangeNotification.KERNELBASE(?,?,?,0000000140001AE6), ref: 000000014001806E
            • CreateFileW.KERNELBASE ref: 0000000140018184
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ChangeCloseCreateFileFindNotification
            • String ID:
            • API String ID: 727422849-0
            • Opcode ID: 608078c7bdc8d4c2a4d82e13d152463fe85aa2f20a848740e72cb586ec39b86f
            • Instruction ID: ed0f798304ddd17e08eb70a86fcc9dfa0f8f882b298a04474a5d1a6029c6856a
            • Opcode Fuzzy Hash: 608078c7bdc8d4c2a4d82e13d152463fe85aa2f20a848740e72cb586ec39b86f
            • Instruction Fuzzy Hash: 0B018F32614B80C7D3608F16B44164ABBA5F388BE0F144329FFA903BA4CB38D851CB04
            Uniqueness

            Uniqueness Score: -1.00%
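The entry above is the only one in this part of the listing whose "APIs" block is populated, and it shows the shape every such line takes: an optional "Part of subcall function ADDR:" prefix, then "API.MODULE(args), ref: ADDR", with the resolved API names rolled up into the "API ID" of the Similarity block (FindCloseChangeNotification plus CreateFileW become ChangeCloseCreateFileFindNotification). The Python below is an added example, not code from Joe Security or from this report; it parses entries of this layout into records so call sites, API String IDs and fuzzy hashes can be cross-referenced, using a sample constructed from two entries of the listing. The api_id_from_names reconstruction is an assumption inferred from that single entry and is checked against it; the "$" group separator seen in other IDs here (LongWindow$MessageSend, CriticalSection$EnterLeave) is not modelled.

```python
"""Parse the per-function entries of a Joe Sandbox function listing.

Added example, not code from Joe Security or from this report. It assumes
only the entry layout visible in the report text: an "APIs" header, bullet
lines "API.MODULE(args), ref: ADDR" (optionally nested under "Part of
subcall function ADDR:"), and "Key: value" bullets in the Similarity block.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: two entries copied from the listing, trimmed to the
# fields the parser uses (the Uniqueness block is kept to show it is ignored).
SAMPLE = """\
APIs
  • Part of subcall function 000000014001805C: FindCloseChangeNotification.KERNELBASE(?,?,?,0000000140001AE6), ref: 000000014001806E
• CreateFileW.KERNELBASE ref: 0000000140018184
Memory Dump Source
• Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
Similarity
• API ID: ChangeCloseCreateFileFindNotification
• String ID:
• API String ID: 727422849-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
"""

API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+): )?"
    r"(?P<api>[^.\s(]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
FIELD_LINE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*): ?(?P<value>.*)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int            # address of the call site in the dumped image
    caller: int | None  # subcall function address, None for a direct call


@dataclass
class Entry:
    apis: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)


def parse_entries(text: str) -> list[Entry]:
    """Start a new Entry at every "APIs" header; fold bullet lines into it."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append(Entry())
            continue
        if not entries or not line.startswith("•"):
            continue  # section headers and blank lines carry no data
        line = line.lstrip("•").strip()
        m = API_LINE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            caller = int(m["caller"], 16) if m["caller"] else None
            entries[-1].apis.append(
                ApiCall(m["api"], m["module"], args, int(m["ref"], 16), caller))
            continue
        m = FIELD_LINE.match(line)
        if m:
            entries[-1].fields[m["key"]] = m["value"].strip()
    return entries


def entries_calling(entries: list[Entry], api: str) -> list[Entry]:
    """Entries whose API list names `api`, directly or through a subcall."""
    return [e for e in entries if any(c.api == api for c in e.apis)]


def api_id_from_names(names: list[str]) -> str:
    """Rebuild the "API ID" token string from API names.

    Assumption inferred from the one entry that shows both: the CamelCase
    words of every API, A/W suffix dropped, de-duplicated and sorted.
    The "$" group separator seen in other IDs is not modelled.
    """
    words: set[str] = set()
    for name in names:
        parts = re.findall(r"[A-Z][a-z0-9]*", name)
        if parts and parts[-1] in ("A", "W"):
            parts.pop()
        words.update(parts)
    return "".join(sorted(words))


def api_string_id_parts(entry: Entry) -> tuple[int, int]:
    """Split "API String ID" (727422849-0) into its API and String halves;
    the String half is 0 wherever the entry's String ID is empty."""
    api_part, string_part = entry.fields["API String ID"].split("-")
    return int(api_part), int(string_part)
```

Usage: `parse_entries(SAMPLE)` yields two entries; `entries_calling(parsed, "CreateFileW")` returns the first, whose `apis[0].caller` is 0x14001805C and whose `apis[1].ref` is 0x140018184, and `api_id_from_names([c.api for c in parsed[0].apis])` reproduces the listed API ID. Feed the whole exported listing to the same function to index every entry by fuzzy hash or API String ID.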

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@??3@TextWindow
            • String ID:
            • API String ID: 890632301-0
            • Opcode ID: 09e725b9fbc47d079fc7c84f5381cdf1911a0563218748b9eca7763de64a59e1
            • Instruction ID: b333b7fb0bec36bcbfd0e25a39b9a861ca80811600cd3e18b323fc81065f06f5
            • Opcode Fuzzy Hash: 09e725b9fbc47d079fc7c84f5381cdf1911a0563218748b9eca7763de64a59e1
            • Instruction Fuzzy Hash: 62014BB6724A4082EB12DB03E1583EDA3A1F79DBD5F148012EF49077A6DB38C9508B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$MetricsSystem
            • String ID:
            • API String ID: 553786342-0
            • Opcode ID: c0bc4c2936f8366efe49f835e346be4b1adb2c95ea69aaa9f98c907475ca1e27
            • Instruction ID: 23bb655ed38c42e7dec931cac22a9a340036093636c2434da9fd674c0f7ea5e7
            • Opcode Fuzzy Hash: c0bc4c2936f8366efe49f835e346be4b1adb2c95ea69aaa9f98c907475ca1e27
            • Instruction Fuzzy Hash: 09015631220B8882EB42CB52F8943C573A4FB8C384F80402ABE8D437A5EF3CD808C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@free
            • String ID:
            • API String ID: 3516102813-0
            • Opcode ID: fb501c30ffe9a70a30cad8f0cc87e8e5236dade86312694362895bdc017173c6
            • Instruction ID: 830a6167fbdf873f81acc46e7d707ca8aeb0adf8bf5cb19c2589b8a9cafa547f
            • Opcode Fuzzy Hash: fb501c30ffe9a70a30cad8f0cc87e8e5236dade86312694362895bdc017173c6
            • Instruction Fuzzy Hash: F2F0C976205A4485EA16DF26E4A53D86364EB4CBC4F958126AB4D4B375DE39C895C300
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: AttributesFile
            • String ID:
            • API String ID: 3188754299-0
            • Opcode ID: fdd6c57b336fe3967596980c063f1acd51b5360f85544f337aeac028ca6633ab
            • Instruction ID: 86b86e1f875e3c546c6c39830c42d3ae0764d62cd28490eec4c28c7083631913
            • Opcode Fuzzy Hash: fdd6c57b336fe3967596980c063f1acd51b5360f85544f337aeac028ca6633ab
            • Instruction Fuzzy Hash: E9F0F9B2600A00C2EB6ADF6AD4443E863A0FB8CB88F544525DB094B6B4EF39C996C300
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: fe911cb77f57771cb470a8d52b7c2442bb7fbd58ad24304b36c8a612410abd7e
            • Instruction ID: 2ec6e2cfa779f533d74e5e22b73f45f8a3e3eaf4dda18a3a819ed566e25001f9
            • Opcode Fuzzy Hash: fe911cb77f57771cb470a8d52b7c2442bb7fbd58ad24304b36c8a612410abd7e
            • Instruction Fuzzy Hash: 49E04676624544CBE311CF61E400B9AB3A0F398B25F404118EA8A83B64CBBCC544CF40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: 41d9f9ef1dc3b57e3a721cf8f8f2021bfdce0c87f5d6798cf92c775094d15662
            • Instruction ID: ec44a651fb08ff4208ab8d663cb64ae3eb70d7ecdfb83dc7752a680166838147
            • Opcode Fuzzy Hash: 41d9f9ef1dc3b57e3a721cf8f8f2021bfdce0c87f5d6798cf92c775094d15662
            • Instruction Fuzzy Hash: CDE0C23174464481EB069B9BB6913E86265EB4DBC0F588024FF4803BB2CE78C8A38301
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast_beginthreadex
            • String ID:
            • API String ID: 4034172046-0
            • Opcode ID: b72dc7b368f5597b6cc9a18f35c8f391413a9f10ec7fdc6464c855525bc647eb
            • Instruction ID: 9e13317f9715109fa2eac0ac4686b1bb256ea08cc9a6434f8cc8f47cc38c69a9
            • Opcode Fuzzy Hash: b72dc7b368f5597b6cc9a18f35c8f391413a9f10ec7fdc6464c855525bc647eb
            • Instruction Fuzzy Hash: B9D05B76625B8087DB15DB62F4053D963A4A79E7D9F148028FF8D43365EF3CC2548600
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessageSend
            • String ID:
            • API String ID: 3850602802-0
            • Opcode ID: 900fbfe728c5593d45b02129af1571f898a5c4f8108e92cb198522ad7a1ee711
            • Instruction ID: b69322a373f40d2fa1fd105a0f7b71726b3d59bc9bfad3d2942958f1aa6ccbda
            • Opcode Fuzzy Hash: 900fbfe728c5593d45b02129af1571f898a5c4f8108e92cb198522ad7a1ee711
            • Instruction Fuzzy Hash: 7ED05EB561111182FB5F8B57AD093E511A2AB8C7C0F94C019BB044B2F0C97D4C858B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: FileRead
            • String ID:
            • API String ID: 2738559852-0
            • Opcode ID: cb644cd8d1f1905214f6792a3cbcb5a71db60d1d09dd455a2866124d54a34d44
            • Instruction ID: 86fefbcd83b3913b4cd700f615bed1432190b39d7ec08578771d5e8e5d89d9c2
            • Opcode Fuzzy Hash: cb644cd8d1f1905214f6792a3cbcb5a71db60d1d09dd455a2866124d54a34d44
            • Instruction Fuzzy Hash: 0FD01772624984CBE7018F61E444B6AF764F398BA9F084008EB898A664CBBDC495CF00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • FindCloseChangeNotification.KERNELBASE(?,?,?,0000000140001AE6), ref: 000000014001806E
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ChangeCloseFindNotification
            • String ID:
            • API String ID: 2591292051-0
            • Opcode ID: 60fd23dc0f84d2c3f2dcea106af43bf734ae91ca7e1a62bac8cc23c3b08f3bc4
            • Instruction ID: 8e6fd74606613dcdde953c05bcf23f19d7e6a9153137f3f59d1f8e8c1ee46785
            • Opcode Fuzzy Hash: 60fd23dc0f84d2c3f2dcea106af43bf734ae91ca7e1a62bac8cc23c3b08f3bc4
            • Instruction Fuzzy Hash: 63D09E71A0194581EB771FBA84413543395A75CFB4F5843109B754A2E0DA2689968711
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: b72743eb361664d82c275d1e974104d4d681605d4059b6f5b43ea9aea1490b5e
            • Instruction ID: 11dc706e16af470e3a4d7cc3df911193cf664264314d879e62d066bde224018a
            • Opcode Fuzzy Hash: b72743eb361664d82c275d1e974104d4d681605d4059b6f5b43ea9aea1490b5e
            • Instruction Fuzzy Hash: 62D0127171124543EE76A6BB54423D46250975E7F8F180620FF308F2E2E63699934B10
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID:
            • API String ID: 613200358-0
            • Opcode ID: fef9e5114bb7b9b45218d8570e31c364584d71e4da58567589a6f18737c70e4d
            • Instruction ID: 40f2cf2f80e87ffe45f561daa4115ab8faf72166c337f67564cc1bc82ec64de9
            • Opcode Fuzzy Hash: fef9e5114bb7b9b45218d8570e31c364584d71e4da58567589a6f18737c70e4d
            • Instruction Fuzzy Hash: E9D01271B1034547EE6AA7BB54423D81250D71E7B4F640714FB704F2E2DB29C9934711
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: FileTime
            • String ID:
            • API String ID: 1425588814-0
            • Opcode ID: 6a0d52bac7a705ee21b9cba521dba818c34176661b34fd447dfb1df5715079e4
            • Instruction ID: a8864e215d1781b561f977d9942fe44c3bab8b0121a593bf2ef7b1a799a9fa4c
            • Opcode Fuzzy Hash: 6a0d52bac7a705ee21b9cba521dba818c34176661b34fd447dfb1df5715079e4
            • Instruction Fuzzy Hash: 2FC08C3AB2142082D70C937748E271D1212638CF80FE1C428DB0FD6710CC3C80D64B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionThrow
            • String ID:
            • API String ID: 432778473-0
            • Opcode ID: 088c7989c6830c2dae7f44350017a953dd094d2267a7ccfc3a7c985fb350db90
            • Instruction ID: 0df30f8ba79df6d1bb458f30455cb07bc174ed77bb4e3c06237ec5f0adee4d35
            • Opcode Fuzzy Hash: 088c7989c6830c2dae7f44350017a953dd094d2267a7ccfc3a7c985fb350db90
            • Instruction Fuzzy Hash: 8B316576612F4499EB428B19E4843D933A8F70C758FA0463ADB8C07775EF7AC95AC380
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast
            • String ID:
            • API String ID: 1452528299-0
            • Opcode ID: 8f19b6621b0f68508855df72082f1fe74747effc1c26b8db5c25bcc9e0106cb3
            • Instruction ID: 582de85c3c4221056c3d89bb531e227b3cad688c5854f62f37c7784f836c5433
            • Opcode Fuzzy Hash: 8f19b6621b0f68508855df72082f1fe74747effc1c26b8db5c25bcc9e0106cb3
            • Instruction Fuzzy Hash: 49F0BB3131858547FB728BAEA4803E952D0BB4C7C4F944526FF89CBA75D979CE948702
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorFileLastWrite
            • String ID:
            • API String ID: 442123175-0
            • Opcode ID: 88c23c17ee25e73724b32c10983a9cd08bcae85fc69e39aee9daa1343831ffd8
            • Instruction ID: 0cf489fb7cefbee19b390f06c5ccb45f93454c31495503a7f945c0bf97b62f7c
            • Opcode Fuzzy Hash: 88c23c17ee25e73724b32c10983a9cd08bcae85fc69e39aee9daa1343831ffd8
            • Instruction Fuzzy Hash: D1F0E97131818087DB618FABA0C07A96191F71C7C4F441435FB468B666D734CD948744
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast
            • String ID:
            • API String ID: 1452528299-0
            • Opcode ID: f91846a33f49af399046c59952a0e6f93846c9f63ec338f8fde20e094b0c6a68
            • Instruction ID: 128b5b1f7257d182eacd3f7695c14909f43ec7ed553b312aea87ee65d7bc1eef
            • Opcode Fuzzy Hash: f91846a33f49af399046c59952a0e6f93846c9f63ec338f8fde20e094b0c6a68
            • Instruction Fuzzy Hash: 0AF0A7313241808BE7A19F6BA5C07A96290BB4CBC0F94143AFF968B665DA79CE948705
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: a6e0a543eeb45b1ba8c0fc891aae8c468f576be2538950eefc783f34eb0adf93
            • Instruction ID: 12badb2b82353b6cd46749a83adf26e0197359f862afe37d23c6629bd06fea85
            • Opcode Fuzzy Hash: a6e0a543eeb45b1ba8c0fc891aae8c468f576be2538950eefc783f34eb0adf93
            • Instruction Fuzzy Hash: ACD0C9F071914581FB3B53B378167E745481B1CBC5F440424AF128B6E2E93AC5D54B44
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: malloc
            • String ID:
            • API String ID: 2803490479-0
            • Opcode ID: a344c7a17730a24953e72c12aa7d89d02a79851603dec69080b8712952861b8c
            • Instruction ID: 8126266e23569604762762580943d7cc9108cc55e64ca7625322b7278f9ed206
            • Opcode Fuzzy Hash: a344c7a17730a24953e72c12aa7d89d02a79851603dec69080b8712952861b8c
            • Instruction Fuzzy Hash: B8C08CB0B1920281FF27A3733C053F602580F1D7C4F082420EF178B2A2E934C4E10388
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: FreeVirtual
            • String ID:
            • API String ID: 1263568516-0
            • Opcode ID: e643dfb97a48b38184bc71a0c771ec05a04a27d2e8b6a4efa83338b3aea368fc
            • Instruction ID: c79e3af48478552d1d4dcca3c90f12c9cb13629bcbdadc58ae5c8af48aa99fec
            • Opcode Fuzzy Hash: e643dfb97a48b38184bc71a0c771ec05a04a27d2e8b6a4efa83338b3aea368fc
            • Instruction Fuzzy Hash: 79B09274B1380081FFAEE3576D6135040612F8C782E848158EA09026608E38066B0F04
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: free
            • String ID:
            • API String ID: 1294909896-0
            • Opcode ID: cd1963c0231a449e0201285a365b6c8630ccb4145deee97d4e002115b2bbb57a
            • Instruction ID: b62d7211c97d4d99b760abce51a73e8f8216415605979fa60d8ed3bb4eb9178e
            • Opcode Fuzzy Hash: cd1963c0231a449e0201285a365b6c8630ccb4145deee97d4e002115b2bbb57a
            • Instruction Fuzzy Hash: DAB01274E03802C2ED0FA3431C5135410101F0D346F9600049701015614A3C04AF0605
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast$_wtol$??2@EnvironmentVariablelstrcmpi$??3@ByteCharInfoLocaleMultiWidelstrlenwsprintf
            • String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$PasswordText$PasswordTitle$Progress$Title$WarningTitle
            • API String ID: 23300869-2157245290
            • Opcode ID: 8f4e636a56b65a8d4d1e0c1cc19368c267f83044d73afd2cc50ef2fc3ef7b458
            • Instruction ID: 10db4e49cc09c16a37a9eb6e00b36d987ebe79190347e2aec0cbcc53de5c4e8d
            • Opcode Fuzzy Hash: 8f4e636a56b65a8d4d1e0c1cc19368c267f83044d73afd2cc50ef2fc3ef7b458
            • Instruction Fuzzy Hash: C181F7B131174181FF57EB2BF8657E423A5AB8DBD0F956029BA4A077B6EF78C8448700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast$??2@EnvironmentVariable$??3@ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
            • String ID: SfxString%d
            • API String ID: 579950010-944934635
            • Opcode ID: cb2662f3c2ad11c51da9d884ab9eb49bbf496768983eff72749beea9758c2f50
            • Instruction ID: cdd3954237dff648b59348d4ff135c9c035ce642d639e0d2756145f05093bfc1
            • Opcode Fuzzy Hash: cb2662f3c2ad11c51da9d884ab9eb49bbf496768983eff72749beea9758c2f50
            • Instruction Fuzzy Hash: 9B514872200A4586EB66DB23F885BA933A1F78CBD4F44412AFB1A437B4EB38C945C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove
            • String ID:
            • API String ID: 1862581289-0
            • Opcode ID: 4f3e757cda006ff2284139ef6d2fc1b0bc74b9d385bd6d2a786dca4ff59dabd3
            • Instruction ID: 565dcd4f617b5ea8440bafb7faf5eba673d93f54db69377951f890960de446c5
            • Opcode Fuzzy Hash: 4f3e757cda006ff2284139ef6d2fc1b0bc74b9d385bd6d2a786dca4ff59dabd3
            • Instruction Fuzzy Hash: 0D310C71704A4291EB53DB27F8503E963A5BB8CBD0F844225BA5E47AF9DF7CC9098700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
            • String ID:
            • API String ID: 829399097-0
            • Opcode ID: 50e664bdfb66e25894f099d4a0b4276996e572cb3c6312dcdd15bb8a62020e0b
            • Instruction ID: b2c157b53e8ae3b6b7f410addf8fe44d36d5f0c493faa764c8cdbd8fc4daff3d
            • Opcode Fuzzy Hash: 50e664bdfb66e25894f099d4a0b4276996e572cb3c6312dcdd15bb8a62020e0b
            • Instruction Fuzzy Hash: F7318C32204B4182EB15DB52F88439AB3A5F7997E1F514129FB9E43AA4EF7CC8488B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@CloseExecuteHandleObjectShellSingleWait
            • String ID: runas
            • API String ID: 228040680-4000483414
            • Opcode ID: 68883d09e73ee182fc14b5a5bce8f2b324177c31765d8b014cc4152f2f81f4f1
            • Instruction ID: 439ee56645c6ebca01aea5e0a66fb0c6715fb919133604d2e15fdbf53ada0234
            • Opcode Fuzzy Hash: 68883d09e73ee182fc14b5a5bce8f2b324177c31765d8b014cc4152f2f81f4f1
            • Instruction Fuzzy Hash: 98413C72A18B8486E721DB12F44439AB3A4F7D8BD0F504119FB8D43AAACF7CCA05CB40
            Uniqueness

            Uniqueness Score: -1.00%
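
The record above (ShellExecute plus CloseHandle and WaitForSingleObject, referencing the string "runas") and the earlier record whose API ID is File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove are the two functions in this dump an analyst would pull out first: a self-extractor that starts its payload through ShellExecute with the "runas" verb is requesting UAC elevation, and the neighbouring String IDs (ExtractDialogText, GUIMode, MiscFlags, SfxString%d) are 7-Zip SFX module configuration keys. Two caveats for reading these records: in kernelbase.dll FindCloseChangeNotification and CloseHandle are exported at the same address, so the record that shows FindCloseChangeNotification.KERNELBASE is almost certainly a plain CloseHandle; and the API ID is a compact encoding, not a list of names. What follows is an added example, not Joe Sandbox code, that parses records in this page's format and flags such functions. Its reconstruction of the API ID encoding (words of each called API, filler words dropped, counted, grouped by call count and ASCII-sorted) is inferred from the records on this page and is checked by rebuilding two of them from a hypothesised call multiset; the STOPWORDS list and the per-API call counts in those hypotheses are assumptions. The sample input is transcribed from four records on this page and trimmed to the fields the parser reads.

```python
"""Triage Joe Sandbox function-similarity records (added example, not Joe Sandbox code).

API ID encoding, inferred from the records on this page (assumption): each called
API is split into CamelCase words, filler words in STOPWORDS are dropped, words are
counted over all calls, grouped by count (highest first, "$" between groups) and
ASCII-sorted inside a group; names with no uppercase letter (lstrlen, ??3@) stay whole.
"""
import re
from collections import Counter

STOPWORDS = {"Get", "Set", "For", "To", "Ex", "Cxx"}  # assumed filler words

# Constructed sample: four records transcribed from this report, trimmed to the
# lines the parser reads plus the "Uniqueness Score" line that ends a record.
SAMPLE = """\
Similarity
• API ID: ??3@$??2@CloseExecuteHandleObjectShellSingleWait
• String ID: runas
• API String ID: 228040680-4000483414
• Opcode ID: 68883d09e73ee182fc14b5a5bce8f2b324177c31765d8b014cc4152f2f81f4f1
Uniqueness

Uniqueness Score: -1.00%

Similarity
• API ID: AllocVirtual
• String ID:
• Opcode ID: a6e0a543eeb45b1ba8c0fc891aae8c468f576be2538950eefc783f34eb0adf93
Uniqueness Score: -1.00%

Similarity
• API ID: File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove
• String ID:
• Opcode ID: 4f3e757cda006ff2284139ef6d2fc1b0bc74b9d385bd6d2a786dca4ff59dabd3
Uniqueness Score: -1.00%

Similarity
• API ID: FileWrite
• String ID:
• Opcode ID: fe911cb77f57771cb470a8d52b7c2442bb7fbd58ad24304b36c8a612410abd7e
Uniqueness Score: -1.00%
"""

RECORD_END = re.compile(r"^\s*Uniqueness Score:.*$", re.M)
FIELD = re.compile(r"^\s*•\s*(API ID|String ID|Opcode ID):[ \t]*(.*?)[ \t]*$", re.M)


def api_words(name):
    """Split one API name into the words that appear in an API ID."""
    if not re.search(r"[A-Z]", name):
        return [name]                       # lstrlen, _wtol, ??3@ stay whole
    return [w for w in re.findall(r"[A-Z][a-z0-9]*", name) if w not in STOPWORDS]


def api_id(calls):
    """Rebuild an API ID from a hypothesised call multiset {api_name: count}."""
    counts = Counter()
    for name, n in calls.items():
        counts.update({w: n for w in api_words(name)})
    by_count = {}
    for w, n in counts.items():
        by_count.setdefault(n, []).append(w)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def id_has_api(api_id_value, name):
    """True when every word of `name` occurs as a whole word in the API ID."""
    for w in api_words(name):
        if re.search(r"[A-Z]", w):          # capitalised word: must not continue
            if not re.search(re.escape(w) + r"(?![a-z0-9])", api_id_value):
                return False
        elif w not in api_id_value:         # lowercase names have no boundary
            return False
    return True


def parse_records(text):
    """Cut the report into records and keep the three similarity fields of each."""
    records = []
    for chunk in RECORD_END.split(text):
        fields = dict(FIELD.findall(chunk))
        if "Opcode ID" in fields:
            records.append(fields)
    return records


# (label, APIs that must all be present, string that must be referenced or None)
RULES = [
    ("elevation: ShellExecute(Ex) with the runas verb", ["ShellExecute"], "runas"),
    ("memory: VirtualAlloc (check the protection argument)", ["VirtualAlloc"], None),
    ("recursive delete: FindFirstFile + DeleteFile + RemoveDirectory",
     ["FindFirstFile", "DeleteFile", "RemoveDirectory"], None),
]


def triage(records):
    """Map Opcode ID -> list of rule labels that fired for that function."""
    hits = {}
    for rec in records:
        strings = set(rec.get("String ID", "").split("$"))
        for label, apis, needle in RULES:
            if all(id_has_api(rec["API ID"], a) for a in apis) and (needle is None or needle in strings):
                hits.setdefault(rec["Opcode ID"], []).append(label)
    return hits


if __name__ == "__main__":
    for opcode, labels in triage(parse_records(SAMPLE)).items():
        print(opcode[:16], "->", "; ".join(labels))
```

Run stand-alone it prints the flagged Opcode IDs; the part worth keeping is api_id(), which lets you test a guess about which imports a function calls against the ID the report gives, instead of reading the concatenated words by eye.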

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionThrow$??2@
            • String ID:
            • API String ID: 3392402120-0
            • Opcode ID: 0f6016ca687063e179ee74b70acac2ce658befef4e1c7b89f4779ae4fd80dacb
            • Instruction ID: e82bcadf208d9880996ea403331261188986581afee0adac8e3c7d1bf186ce49
            • Opcode Fuzzy Hash: 0f6016ca687063e179ee74b70acac2ce658befef4e1c7b89f4779ae4fd80dacb
            • Instruction Fuzzy Hash: 92B14576600A8492EB25DF6AD4843E93761F798B88F52812AEF4E07B68DF34D945CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocateCheckFreeInitializeMembershipToken
            • String ID:
            • API String ID: 3429775523-0
            • Opcode ID: abe6f783ec305016ce38fee71c7ad877d57f220a55fa2606fae195cd5eb54461
            • Instruction ID: bd99a0001b312c42b342465bde96b36effb439ec37525ee33b7f735884031050
            • Opcode Fuzzy Hash: abe6f783ec305016ce38fee71c7ad877d57f220a55fa2606fae195cd5eb54461
            • Instruction Fuzzy Hash: 061100B76096C0CAD721CF69E48478EBBA0F3A8B44F94412AE78983724C738C549CF14
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: memset
            • String ID:
            • API String ID: 2221118986-0
            • Opcode ID: 9649af6fc4ef3f732a6c9dbd497b6dcb2825c84bd5b21f93c621901826dd70cd
            • Instruction ID: 65a7a550d7fee471dd990d29c9786560241e7a1407137cfc9d40ef62c6af32ea
            • Opcode Fuzzy Hash: 9649af6fc4ef3f732a6c9dbd497b6dcb2825c84bd5b21f93c621901826dd70cd
            • Instruction Fuzzy Hash: D141C17361469086D375CF0AF4047DEB6A4F7D4784F558222EF8997B95EB3AC059CB00
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MZ`
            • API String ID: 0-2330268423
            • Opcode ID: ce6d06c27b1aa1ff0d9a26cd617125f9c085dea1c835c55786a4642b8c874b91
            • Instruction ID: 7c3f91cd70b1956add45bf232b18aa1fba3a1746be0ff1480ceef520eef83f4d
            • Opcode Fuzzy Hash: ce6d06c27b1aa1ff0d9a26cd617125f9c085dea1c835c55786a4642b8c874b91
            • Instruction Fuzzy Hash: 32C180732202B88BE745CA2F9854CED37E5F39574E7829221EF8497789C63CB511DBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MZ`
            • API String ID: 0-2330268423
            • Opcode ID: b9f2e461abbd51a00089050847e4ef3fffaf09491b871cef7acf0fa9541dd99d
            • Instruction ID: 681f7e495cc456687deb5cc797622adf3b1852cdd8235db41fbcd6a1effff65e
            • Opcode Fuzzy Hash: b9f2e461abbd51a00089050847e4ef3fffaf09491b871cef7acf0fa9541dd99d
            • Instruction Fuzzy Hash: CDC1B5722212788BD701CB2F98449E937E4F3947497939622EBA86B745D53CF902EB60
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MZ`
            • API String ID: 0-2330268423
            • Opcode ID: 57bda3d6129cfde47ffdf7141f32b3817ba5098d38a3470dffbb5b8e9bb35259
            • Instruction ID: ef8c7858fccc3ed7b94a1a200c0c2525697487ea3fc1e667f9ba29d498590d53
            • Opcode Fuzzy Hash: 57bda3d6129cfde47ffdf7141f32b3817ba5098d38a3470dffbb5b8e9bb35259
            • Instruction Fuzzy Hash: 4A51E572A206A04AE7598F25BC91BEA77D4F3883C1F40863EEB69C3BA0C67CD515C750
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MZ`
            • API String ID: 0-2330268423
            • Opcode ID: 77ee53ef5df956b01911539818a9af233fb13bf1a7387d27248b6e01f32a8f1a
            • Instruction ID: d4a5a2d3cc526a446392909bb2679bde978dbacf427336f79b1af1971378171d
            • Opcode Fuzzy Hash: 77ee53ef5df956b01911539818a9af233fb13bf1a7387d27248b6e01f32a8f1a
            • Instruction Fuzzy Hash: 6A31D2B231829486DB26CB2E68503EDBBE0F3497C6F441036EB9E87755DB38D606D320
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7c683318e74ac658dfae7f1b22a9d6e285bfeb19a3b61a0aa070cfdaaeb6d944
            • Instruction ID: fa98dea519b5eda1a7b0c88864ac0a028e56931ae606e2e3414ea0131dc4e294
            • Opcode Fuzzy Hash: 7c683318e74ac658dfae7f1b22a9d6e285bfeb19a3b61a0aa070cfdaaeb6d944
            • Instruction Fuzzy Hash: AE72F6B27341A14BD72A8B39E444FA92BE1F3587C4F106125FAC6CBF94E17AD642CB40
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 45bd88158f73c13cbdc850b91d707fbfbba09d5aaaa967a2fa98ea12ed02f1c7
            • Instruction ID: 579726e642534f0cfa0854f9aa4bc9bf832e03f50000378888d5f0d5352a2755
            • Opcode Fuzzy Hash: 45bd88158f73c13cbdc850b91d707fbfbba09d5aaaa967a2fa98ea12ed02f1c7
            • Instruction Fuzzy Hash: C0F12F763284A142EB2B8E36E448FF92A91B3597C5F106521FB57CBAF0F27AC546D340
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1382a43b33b7cddcd7db1b64c69a0af682e84982ece76e86edf28eade05d2ca4
            • Instruction ID: dcf8dc4ec09eb26f90e66d9f3c91f1ef6e77107547623fbbca91f4d6bc64b13c
            • Opcode Fuzzy Hash: 1382a43b33b7cddcd7db1b64c69a0af682e84982ece76e86edf28eade05d2ca4
            • Instruction Fuzzy Hash: 6F126E72200BA186EB55DB16D09CBEE33A8F748BC4F424125EB8E4B7A1CF76C845C758
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: memset
            • String ID:
            • API String ID: 2221118986-0
            • Opcode ID: 782b1ac514266e36a8b2af6f8300c2d1ac7d5ec6ebeedf4e2e0c9041e33cce00
            • Instruction ID: cb5fb520cfc70f0c9e71261567dbc8f25451d660115271b4213b66b039d10361
            • Opcode Fuzzy Hash: 782b1ac514266e36a8b2af6f8300c2d1ac7d5ec6ebeedf4e2e0c9041e33cce00
            • Instruction Fuzzy Hash: 61E191736056848BD719CF3AD4407ADBBA1F748F88F18C129EB4A87369EA3AD855C740
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c43836c3c657f884e75bc9386950e75eef15775ecf5ec7c41fb3815de4e5849f
            • Instruction ID: 07aa253ac8b61df6464c485799feee28b840e9c55244de6a4247c0e5a0b51d22
            • Opcode Fuzzy Hash: c43836c3c657f884e75bc9386950e75eef15775ecf5ec7c41fb3815de4e5849f
            • Instruction Fuzzy Hash: 01B194E36082E48EC71A8B2E556857C7FF0E22A782709429BE7E543743D22CD365DB35
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 69b6475d7a0199148ef249fbc053a23c943e0ccf4ae01405b7bd2e1dbab77975
            • Instruction ID: c2d67d44a79bda1c45b2b78fd56d78dc5af30eda27a3605eeba87b83f0d380da
            • Opcode Fuzzy Hash: 69b6475d7a0199148ef249fbc053a23c943e0ccf4ae01405b7bd2e1dbab77975
            • Instruction Fuzzy Hash: F3619EB76156D08BC755CF3AD140A6CBBB0F759B84F48D102EB8983790D73AD9A1CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b38ed77ee13a2300beb4958c0d2de25dc3c21f874df050270ccc9342af00a9b3
            • Instruction ID: 7f0e2c8b05abf86899b756dade96abd4103cab53847549304050610ada12d9b0
            • Opcode Fuzzy Hash: b38ed77ee13a2300beb4958c0d2de25dc3c21f874df050270ccc9342af00a9b3
            • Instruction Fuzzy Hash: 3251E1B37246508BC354CF2DF848A4EB7A5F388798B154225EB99C3B49D739D941CB40
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 149e944d266e5c5b931dd92add6c7ceb5ff4a8b28220e4052e827b713932bc95
            • Instruction ID: 07eb831dacb520702a90a23cc79b56cd7647481813ad32dc71b482efc1c29fb5
            • Opcode Fuzzy Hash: 149e944d266e5c5b931dd92add6c7ceb5ff4a8b28220e4052e827b713932bc95
            • Instruction Fuzzy Hash: 4D21913B320A4207EE4CC77A9D277B92291A348345F84993DEA5BC7695EA3DC5198344
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b3a61a306afd697059511bcae512bb4e71a01eda6d32417fa44cf9ee444eb9bc
            • Instruction ID: 73a65b453be35d4ce3bb89c36512a33c87892c173acc78055ed17d4323c9323d
            • Opcode Fuzzy Hash: b3a61a306afd697059511bcae512bb4e71a01eda6d32417fa44cf9ee444eb9bc
            • Instruction Fuzzy Hash: 0F418F62D14FD151EB174F3C9402369B320FFABB48F00D716FFC171861EB22A584A611
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b0b449660420dd74c52b061e4e0ac893857a26900f34d65d6a0f16e249f0c9ca
            • Instruction ID: 996cc509826c41d954252e3c0182fdc15f9bc86c70725160855f9fc20ca493e8
            • Opcode Fuzzy Hash: b0b449660420dd74c52b061e4e0ac893857a26900f34d65d6a0f16e249f0c9ca
            • Instruction Fuzzy Hash: DA2107B3E105605BD7478E7ED6883E9B391F7087FAF124B26EF55639E8C1286850C650
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf09fca67504a56f52be9d588926d6449e0b21bca4f1d215e3043032594f1d6f
            • Instruction ID: dc4db3f6d310dbc4b173e44157b0558f9cce0c008b45b147503ebb6fa7b12afb
            • Opcode Fuzzy Hash: bf09fca67504a56f52be9d588926d6449e0b21bca4f1d215e3043032594f1d6f
            • Instruction Fuzzy Hash: 642126B3A204605AD307DF2AEA887BA63D1FB0C7FDF568B259F53579D8C5289840D600
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b7f0f242bf6ff99ddfe88e2de1c9eb7502ac975c9d7c63aba052d3741762a5e6
            • Instruction ID: 6a6207eeb7cf2c96ec4238f3769f578d3fac3a3c83234058a3e3c9db56367f79
            • Opcode Fuzzy Hash: b7f0f242bf6ff99ddfe88e2de1c9eb7502ac975c9d7c63aba052d3741762a5e6
            • Instruction Fuzzy Hash: 482103B76247A48BC340CF1AE04890FBBB8F788B94F169006EB8893714CB34E941CF48
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: da3a4fd853bef1e23ab0d859d8b080efc035e4e503cfffb517ab2648b17c4fa8
            • Instruction ID: e93ac3addf8566834cc1e59b65eb65e121e7aec22703aba379d5dac9e33cbc56
            • Opcode Fuzzy Hash: da3a4fd853bef1e23ab0d859d8b080efc035e4e503cfffb517ab2648b17c4fa8
            • Instruction Fuzzy Hash: F2E04CB2919641DFD3489F2DA54115ABBE0E798314F44C56EE699C7B19E23CC4919F00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$CloseHandleObject$CreateProcess$CompletionErrorLastResumeThread$??2@AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
            • String ID: " -$h$sfxwaitall
            • API String ID: 2737579793-4132442212
            • Opcode ID: ef542cf7b91112885125d90d4d43afff281ca9640340473581095675d7b35d76
            • Instruction ID: 35156185bb972c6355c094420fad334aee275d507b68e5537b09c5fb06d852d0
            • Opcode Fuzzy Hash: ef542cf7b91112885125d90d4d43afff281ca9640340473581095675d7b35d76
            • Instruction Fuzzy Hash: 6BA13072608A8582EB61DB62F4543DAB361F7D9BD0F408119EB8E47BA9DF7CC449CB01
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
            • String ID:
            • API String ID: 3462224810-3916222277
            • Opcode ID: 26ade80c2127ac77d3c78208ea6233ae7e265dfd8bd1ee717d6e34b9500d5daf
            • Instruction ID: e3479925685cc3f49304bd47c1febaaee34c875622ba7d18e675c696bdcfd068
            • Opcode Fuzzy Hash: 26ade80c2127ac77d3c78208ea6233ae7e265dfd8bd1ee717d6e34b9500d5daf
            • Instruction Fuzzy Hash: 6741293971075083EB199B23B898B5A7361F789FD5F514129EF4A43B64CF3DD88A8B04
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@$strncmp$lstrcmplstrlenwcsncmp
            • String ID: SetEnvironment${\rtf
            • API String ID: 2284649278-318139784
            • Opcode ID: 3e6a06ef15f6418270d7cb7474b3cfec427e61efad56fe83265623473811b33a
            • Instruction ID: 791a431dda549a468fad8cbb611fbd05f549aaf6a583b695bbb7d383549a121a
            • Opcode Fuzzy Hash: 3e6a06ef15f6418270d7cb7474b3cfec427e61efad56fe83265623473811b33a
            • Instruction Fuzzy Hash: F5F16DB260868486EB62DF17F4903EE67A1F789BC4F544016FB89077AADF38D845CB05
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
            • String ID: .lnk
            • API String ID: 408529070-24824748
            • Opcode ID: b22056eb0ab64836e77ee0fdc3e12ec2d8b5f200aa620c899d7aa0044d9ade5e
            • Instruction ID: 24e89d9e44830d47bb3e07b84861bb9e379d00b0f26f29bb4731df0a07dd64fb
            • Opcode Fuzzy Hash: b22056eb0ab64836e77ee0fdc3e12ec2d8b5f200aa620c899d7aa0044d9ade5e
            • Instruction Fuzzy Hash: 4EE1307221878581DB25EB26F4943EEB365F7C97C1F504015FB8A43AAADF78C815CB01
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
            • String ID: RichEdit20W$STATIC$riched20${\rtf
            • API String ID: 3514532227-2281146334
            • Opcode ID: 1cea02e449897f8f4e117bd75284b9e339369529b9347a5d78e627892f520267
            • Instruction ID: 72e38384b6fda40cc7471d1c060dcd74c06f6907f8f39cadb45de74e26403e4b
            • Opcode Fuzzy Hash: 1cea02e449897f8f4e117bd75284b9e339369529b9347a5d78e627892f520267
            • Instruction Fuzzy Hash: AC5118B5314A8486EB52DF27F4507AA63A1F78CBC1F544129EB8A47B6ADF3CC9458B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
            • String ID: IMAGES$STATIC
            • API String ID: 4202116410-1168396491
            • Opcode ID: 994f66225cb16ce21fdac055c8b6c01be2faff5d1ebffc34b565adef7fd54e96
            • Instruction ID: b4b4f888654b6f795b9f0930c28b5f26d58917c648ba98f01d9a8093a39e4dfe
            • Opcode Fuzzy Hash: 994f66225cb16ce21fdac055c8b6c01be2faff5d1ebffc34b565adef7fd54e96
            • Instruction Fuzzy Hash: 3A411B72205A9182EB26DF66F4547DA73A0FB8DBC5F444026EB4E47B64DF3CC9498B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Item$Window$ClientMessageScreenSend$CreateDestroyDirectoryFileFocusInfoLongParentRectShowSystem
            • String ID: Edit
            • API String ID: 2208078884-554135844
            • Opcode ID: 014029fb9c0f5c798ac95976c8b3edb8470af2b959fc17a496693b0b21a1a8e9
            • Instruction ID: 4f0148b2ab78eff773b92db9013aa9c41d0a2ae55cdefcb65806dfae56bf3756
            • Opcode Fuzzy Hash: 014029fb9c0f5c798ac95976c8b3edb8470af2b959fc17a496693b0b21a1a8e9
            • Instruction Fuzzy Hash: 5C31233A714B9083EB15DB22F45478AB361F78DBC4F508119EF9A03B29CF38D8558B40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
            • String ID:
            • API String ID: 2586545124-0
            • Opcode ID: 490ed51eca46437f8bc29aea8fc558295c222f8e5612c212394ff57848fc6a8b
            • Instruction ID: 2e74cc92aef88ab80e538159a8b4db3f0932fda3956a3122f2ef86bd2256572e
            • Opcode Fuzzy Hash: 490ed51eca46437f8bc29aea8fc558295c222f8e5612c212394ff57848fc6a8b
            • Instruction Fuzzy Hash: 89316B75604A4086E711DF6BB9447AEA7A1F78DBD5F140228FF8A47B68CF7CD8458B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@wsprintf
            • String ID: :%hs$:Language:%u$;!@Install@!UTF-8!$;!@InstallEnd@!
            • API String ID: 3815514257-695273242
            • Opcode ID: f34f66f1e3866e49f017d88cc1823a54f02a6a53f8bca56b665e03616c298efa
            • Instruction ID: 8c688fbb0041d26bc6ae15155a462ee40b73d92bd5ee55008e43259a9ea6384f
            • Opcode Fuzzy Hash: f34f66f1e3866e49f017d88cc1823a54f02a6a53f8bca56b665e03616c298efa
            • Instruction Fuzzy Hash: 1C61B0B261468486DB22EF2BE4503DA7B65F34DFC8F449012FF8917726CA39D956C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ItemMessageSend
            • String ID:
            • API String ID: 3015471070-0
            • Opcode ID: 73fba6efa1d381fd05114ef084849e85003ff514f7a0caefc0f587df7393576e
            • Instruction ID: 31a53a71e8ff25a84de4a2e277adbe73aab4cca00721c47dcf2059183477464c
            • Opcode Fuzzy Hash: 73fba6efa1d381fd05114ef084849e85003ff514f7a0caefc0f587df7393576e
            • Instruction Fuzzy Hash: 69112739310AA08BE7159F93F8547AA7221FB8CFC5F549029AF5A43B25DF38D8558B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: memcmp
            • String ID:
            • API String ID: 1475443563-0
            • Opcode ID: bdee6421f3acc97bff90778bedd7deafc2201c4f350093a814738972457288ea
            • Instruction ID: fc41c3f96601c974f21c35de1e6372b8c10fcc77abb64dbd8f6502eb97a410b8
            • Opcode Fuzzy Hash: bdee6421f3acc97bff90778bedd7deafc2201c4f350093a814738972457288ea
            • Instruction Fuzzy Hash: 7E410871208B8195FB669F27E8403D823A5A76DFC4FD45025EF094B6BAEF7ACA158304
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@
            • String ID: %%T$%%T/$%%T\
            • API String ID: 4113381792-3604420949
            • Opcode ID: c895a83202c509a649527651f62f40fa79b642c8f5e3fe230110cb5a11ebf478
            • Instruction ID: e469b74e8fe9b479cde82999b7ae5f247f4a7a0e88f31417278b6bcc544b8959
            • Opcode Fuzzy Hash: c895a83202c509a649527651f62f40fa79b642c8f5e3fe230110cb5a11ebf478
            • Instruction Fuzzy Hash: B541ED72224A8492DB62DF16E4913EA6370F789BD5F805112FB8D476A9DF7CCA06CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@
            • String ID: %%S$%%S/$%%S\
            • API String ID: 4113381792-1963631775
            • Opcode ID: 73edd43c9021fcd5f8b3558ad6a79a065c0e9fee4b8df97bf5d74eaa5836a6b9
            • Instruction ID: 49a38b35dc0d0dec87a86da54b3c63a361a7ccec6a3f853b3077ed1f92172575
            • Opcode Fuzzy Hash: 73edd43c9021fcd5f8b3558ad6a79a065c0e9fee4b8df97bf5d74eaa5836a6b9
            • Instruction Fuzzy Hash: F841EFB2224A8492DB62DF16E4913EA7370F789BD4F805111FB8D476A9DF7CCA06CB41
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@
            • String ID: %%M$%%M/$%%M\
            • API String ID: 4113381792-1781175070
            • Opcode ID: 874374037690d482bc113b8387e9d7bce76618d6be31f5e877464607cfeae7d3
            • Instruction ID: 036440d789ba74a1504259e4adc1bf36919ffb3eeb76309873cc29438444da5f
            • Opcode Fuzzy Hash: 874374037690d482bc113b8387e9d7bce76618d6be31f5e877464607cfeae7d3
            • Instruction Fuzzy Hash: 3A41F07222468492DB62DF16E4913EA6370F7C9BD4F405111FB8D476A9DF7CCA06CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MetricsSystem$Item$??3@
            • String ID: 100%%
            • API String ID: 1133332389-568723177
            • Opcode ID: 89b7c521e17bd2ea40451f682f150fb257f2283d3bc3e302c92a80b929b6d9aa
            • Instruction ID: b7e5cbe1fcc40e9654c76361201d91b8f33cf6de00aee79a88ea99a43c7760db
            • Opcode Fuzzy Hash: 89b7c521e17bd2ea40451f682f150fb257f2283d3bc3e302c92a80b929b6d9aa
            • Instruction Fuzzy Hash: 44413DB261464687EB52DF3AE8443A933B1F78CB98F115115FB4A472A9DF38CC44CB44
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Thread$DialogTimer$KillResumeSuspendTerminate
            • String ID:
            • API String ID: 815346346-0
            • Opcode ID: fac7d4e5942cdb2efa8289fbc360c5cf8d272b5be83eb2dbf073c8ebca295cbe
            • Instruction ID: 83f87d55712751966222477489a7d7af00309a825a222f7cadbb10011fa9f1b3
            • Opcode Fuzzy Hash: fac7d4e5942cdb2efa8289fbc360c5cf8d272b5be83eb2dbf073c8ebca295cbe
            • Instruction Fuzzy Hash: DE210871221A0086FB16DB27F954BE873A1EB9CBD5F058119EB464B6B6CB798C848740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: memset$memcpy
            • String ID: MZ`
            • API String ID: 368790112-2330268423
            • Opcode ID: 51d7a50a57a273631c60acd70143d91eec59d02dadd8de15fed89084a2fb2e4d
            • Instruction ID: a60bcc020994de79551979a6d8ccac49ac24f225807f4328ce31d9b90e429d21
            • Opcode Fuzzy Hash: 51d7a50a57a273631c60acd70143d91eec59d02dadd8de15fed89084a2fb2e4d
            • Instruction Fuzzy Hash: 30B1C6323047C0A7EB29CB26E5543EE77A1F384384F40011ADB994BB96DB3AE479CB10
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionThrow$??3@$??2@memcpy
            • String ID:
            • API String ID: 4165819386-0
            • Opcode ID: 59f6a0a09a6be052dd6f5c788b1b62940a7cbd88e93632abd6137a59a78e0898
            • Instruction ID: 2b5d6d984cd06daa418e5c0a5a9a762c666e23ebcf80e84a58ed1ddde5e58561
            • Opcode Fuzzy Hash: 59f6a0a09a6be052dd6f5c788b1b62940a7cbd88e93632abd6137a59a78e0898
            • Instruction Fuzzy Hash: 89919C7220478496EA32AB26D5943EE7360F78D7D4F400526EF8E4BBA6DF3AC415C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@??3@memcpy
            • String ID:
            • API String ID: 1695611338-0
            • Opcode ID: 2e78267f0e2a1844cc7d10f9070972ae4aeb5c867ba33dc774102358213e8df7
            • Instruction ID: 8c6f33eece85ed00ead372061efc94821a02db55b8ae8b4f8ffe1b14aa20cf6c
            • Opcode Fuzzy Hash: 2e78267f0e2a1844cc7d10f9070972ae4aeb5c867ba33dc774102358213e8df7
            • Instruction Fuzzy Hash: 025185B2201B908AEB66CF27E5407A977A0F70EBC4F148116EF8D17B55EB76D9A0C300
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ExceptionThrow$??2@??3@memcpy
            • String ID:
            • API String ID: 343384133-0
            • Opcode ID: e8ddff8425364dc01404ccdc1c2417ed8c61eaea6b6999d5b829b3357c549c38
            • Instruction ID: 556e7273d66f44b3c971e55782d9f332f452dc05b110076726e16249fbe281d8
            • Opcode Fuzzy Hash: e8ddff8425364dc01404ccdc1c2417ed8c61eaea6b6999d5b829b3357c549c38
            • Instruction Fuzzy Hash: 0F21AC72201B8481EB1ADB16D481389B7A5E78CBC4F54841AEF0917BBACB79CE86C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@
            • String ID: ;!@Install@!UTF-8!$;!@InstallEnd@!
            • API String ID: 613200358-372238525
            • Opcode ID: ba4bf318911b61b27174c485e5dbc8b030d162f0f7d4bef85cfb33322df9d48c
            • Instruction ID: 1a55262f4ed05b6dd80ccd456cbc08e3c16c2dd83afbbdc52573331cd0ecb865
            • Opcode Fuzzy Hash: ba4bf318911b61b27174c485e5dbc8b030d162f0f7d4bef85cfb33322df9d48c
            • Instruction Fuzzy Hash: 6F514C72614A8582EB22DB12F4403EAA7A1F7DD7D8F541216FB8D476AADB3CC605CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: wsprintf$ExitProcesslstrcat
            • String ID: 0x%p
            • API String ID: 2530384128-1745605757
            • Opcode ID: 7ca85961a432858a5287f958acff3f5db72a40daf6c0b412f97bcf7cdbf9e76d
            • Instruction ID: cd6256386a8921e0c9af8c1830ea2bd67bb414ca23f1f90368618b702708356c
            • Opcode Fuzzy Hash: 7ca85961a432858a5287f958acff3f5db72a40daf6c0b412f97bcf7cdbf9e76d
            • Instruction Fuzzy Hash: BC212C72600A8692EB22DF62F4543D93370F78C7C4F804129AB89037B6EF78C995CB90
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@ItemTextWindowwsprintf
            • String ID: (%d%s)
            • API String ID: 19352476-2087557067
            • Opcode ID: 1825c6a26f529c68f805ab4c91239c72c2ecf6dde0a12904335fa9f47149b37d
            • Instruction ID: c2757bb1cdb7cf1ca0d98992e28b2c5cd1b96b09125c558baacd838e6025e105
            • Opcode Fuzzy Hash: 1825c6a26f529c68f805ab4c91239c72c2ecf6dde0a12904335fa9f47149b37d
            • Instruction Fuzzy Hash: 7C21297221468586DB21EF22E4543AA7371FB89BC9F404116FB894BBA9DB3CC946CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: AddressLibraryLoadProcWindow
            • String ID: SetWindowTheme$uxtheme
            • API String ID: 1082215438-1369271589
            • Opcode ID: c6d65d4fa7152fdce7dde2593b2eef2279cb1bd3d455aa975498c23a32524551
            • Instruction ID: 6af782595d2ee8e2db10cdec27669aa385ef22b8cd850645ad57599461334a59
            • Opcode Fuzzy Hash: c6d65d4fa7152fdce7dde2593b2eef2279cb1bd3d455aa975498c23a32524551
            • Instruction Fuzzy Hash: 90F0F9B0305A4191EE46DB63F8847E963A1AB4DBC0F585039BB1E07375EE3CD949C304
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$lstrlen
            • String ID:
            • API String ID: 2031685711-0
            • Opcode ID: 1c491dae6de06989a6d5025431ad05d51f6dad52472c1ca85a72efcfe3cb2044
            • Instruction ID: 0225852f7739b59731079178c557d6fe29928151f651f0b8a3b4baeb13dceb14
            • Opcode Fuzzy Hash: 1c491dae6de06989a6d5025431ad05d51f6dad52472c1ca85a72efcfe3cb2044
            • Instruction Fuzzy Hash: 7F31ABB2208A4481EB22DF22F4913EA63A1F788BC8F548026FF8D576B5DF7DC9458741
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@Item$Timer
            • String ID:
            • API String ID: 4119539950-0
            • Opcode ID: 5c11db411503e0c00aeee3160634f6f9f645a4baea3db4e6eb0d38535d48a5c0
            • Instruction ID: c2d0fc6287c4ea12be7244f7d32978afc2790e5f7a47df7677f85223577b785c
            • Opcode Fuzzy Hash: 5c11db411503e0c00aeee3160634f6f9f645a4baea3db4e6eb0d38535d48a5c0
            • Instruction Fuzzy Hash: 58314C7260064182EB21DB17F4503AAA3A1F7DDBD8F148125EB89477B5DF7CC942CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@memcpy$??2@
            • String ID:
            • API String ID: 2407475205-0
            • Opcode ID: c477fd48c61382c83461375b2eb5a96fef6fd05e31e531dd5e93dc0fc9132f3a
            • Instruction ID: e1dcb932aeda8c14b221736b077e349d8edf68299e8cb47a1b2510dda04a765b
            • Opcode Fuzzy Hash: c477fd48c61382c83461375b2eb5a96fef6fd05e31e531dd5e93dc0fc9132f3a
            • Instruction Fuzzy Hash: B831C2B6211B5486DB55CF26E98035873B8F34CFD4B24522AEF8D43B68DB35D8A2C740
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Item$Window$Long$System$ClientHandleLoadMessageMetricsModuleScreenSendText$DirectoryFileFocusIconImageInfoParentRectShow
            • String ID:
            • API String ID: 1138730274-0
            • Opcode ID: 91bd0922984f6835392c0161a47438b2b6cbb55ba6e04e19c88928f38cb9d400
            • Instruction ID: 4afe2f3a4d1ee666d08244dac2c432b85ba429c63bcf4d4053467f648740bf3e
            • Opcode Fuzzy Hash: 91bd0922984f6835392c0161a47438b2b6cbb55ba6e04e19c88928f38cb9d400
            • Instruction Fuzzy Hash: C5218C76704A8582EB11DB26F9843DAB361FB8CBC4F504025AF4A43BA5DF3CC9168B00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: CurrentHookThreadWindows$??3@DialogItemTextWindowwsprintf
            • String ID:
            • API String ID: 3524378390-0
            • Opcode ID: dc8895ad33046bf98ae5a62232f52f7fa6a9317188c46a6017a1b357d453a923
            • Instruction ID: 2ed6bbf3eb8795f5216fde1e4314f4f225e52507604333b267f4148385a72a33
            • Opcode Fuzzy Hash: dc8895ad33046bf98ae5a62232f52f7fa6a9317188c46a6017a1b357d453a923
            • Instruction Fuzzy Hash: 0B1179B6215A4482EB12EB27F848BD833A0F75CBC8F114018E71A03AB1DF789898CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
            • String ID:
            • API String ID: 1445889803-0
            • Opcode ID: a880cda3cb84ba9258de0f8a5bfb240fcdc2ae1ef1647e9d9b2b24c99fef0d51
            • Instruction ID: 6ccee3a3a539053538efcd8899d491f1a7117339fbd9e74b0a102491421af6c2
            • Opcode Fuzzy Hash: a880cda3cb84ba9258de0f8a5bfb240fcdc2ae1ef1647e9d9b2b24c99fef0d51
            • Instruction Fuzzy Hash: 25012931265A4482EB928F22F8843D57360F74DBD4F456628FF5E4BBB4DA38CD998700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@Item$TextWindow$Focus
            • String ID:
            • API String ID: 1467601455-0
            • Opcode ID: 84cc39b8c6da9ff15583e7b0b1e1df766a6e73d03c3016cc09b09cef6c3442da
            • Instruction ID: f32c6ae350f212fba6946d34dd20b6ffccf16695ebf04447abfda4a1d27138ed
            • Opcode Fuzzy Hash: 84cc39b8c6da9ff15583e7b0b1e1df766a6e73d03c3016cc09b09cef6c3442da
            • Instruction Fuzzy Hash: 2C01E439601B9082EB15AB53F8543AA7361FB8CFD5F59802AAF5E43B69CE3CD8418700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??3@$??2@$ByteCharMultiWide
            • String ID: X
            • API String ID: 319580807-3081909835
            • Opcode ID: 3060e3ddbb5a66046cc76b1366c3d6e0e27be5e567a6b4b0a147fb46be4641a9
            • Instruction ID: 5b5cd8eb8d9a394be84bce08e6ce385cb81ab7cfc506db74b41fa3736c061475
            • Opcode Fuzzy Hash: 3060e3ddbb5a66046cc76b1366c3d6e0e27be5e567a6b4b0a147fb46be4641a9
            • Instruction Fuzzy Hash: 72518DB660468086DB22DF12E0417DE77A4F78CBC4F508026FB89537AADB38C951CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Item$BrowseFocusFolderFromListMallocPathTextWindowmemset
            • String ID: A
            • API String ID: 1716548450-3554254475
            • Opcode ID: 6c7e4313427580dbf2790ced307f3eda4023ce1d053944859fba7b3fef65107a
            • Instruction ID: 3b16c38e347526199c3c70abaf3893b3f694cb5dd486eda796fea805939d9e8e
            • Opcode Fuzzy Hash: 6c7e4313427580dbf2790ced307f3eda4023ce1d053944859fba7b3fef65107a
            • Instruction Fuzzy Hash: 1B112B76705A8482EE65DF12F4843E9A3A0FBC8BC4F444125EB5D43A69DF7CC948CB01
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ??2@$??3@memcpy$CriticalEnterSection
            • String ID:
            • API String ID: 1017973888-0
            • Opcode ID: cc90200b92cee2bb4d30fea8b75d6bdd50713c0a19fd5b76801b32f42d06977f
            • Instruction ID: b59ec501bdad7cfb71afe7ee65815f32eb103330be712b5f4d53ce8f8ed15711
            • Opcode Fuzzy Hash: cc90200b92cee2bb4d30fea8b75d6bdd50713c0a19fd5b76801b32f42d06977f
            • Instruction Fuzzy Hash: 6E412471200A4091FA62EB23E9513E933A1E75C7C4F844125FF4E4BABAEE79CA45D741
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ClientRect$CallHookKillNextScreenTimer
            • String ID:
            • API String ID: 3015594791-0
            • Opcode ID: d4e13a6410281f1f6a09a432693b45918f6bf97c599566514008f3ae3b83878b
            • Instruction ID: ae2fea2a4711727d1841370e253081b473d0f88f786ced071b0fc0ba9d8ce2f7
            • Opcode Fuzzy Hash: d4e13a6410281f1f6a09a432693b45918f6bf97c599566514008f3ae3b83878b
            • Instruction Fuzzy Hash: 36111972216A4582EB22DB17F840BA96361F78CBC4F554126FB5D83274DF3AC956C700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: memcpy$??2@??3@
            • String ID:
            • API String ID: 1252195045-0
            • Opcode ID: ed690ab9734ccaa0980e5be633517e8d12b6801db14904a6273deacd39c0ab80
            • Instruction ID: 3019c4301fe5f25c1463b6b73d69c8ffef356320028beaaacfcaee97f1e8da61
            • Opcode Fuzzy Hash: ed690ab9734ccaa0980e5be633517e8d12b6801db14904a6273deacd39c0ab80
            • Instruction Fuzzy Hash: 06016932214A9481DB919F13E9403ADA3A5E749FC4F085015FF4907FA9CF38C9428700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateFontIndirectItemMessageObjectSend
            • String ID:
            • API String ID: 2001801573-0
            • Opcode ID: 6d5e2a21974a0290d11c7cc069466e81e0e3acebe0581a5b81791f05c34418aa
            • Instruction ID: 5b5f0f544e075b38f7cf9bb66e7d81e952aa3e301a5bb0f5f8535e265778bb14
            • Opcode Fuzzy Hash: 6d5e2a21974a0290d11c7cc069466e81e0e3acebe0581a5b81791f05c34418aa
            • Instruction Fuzzy Hash: FB013C76201B8482EB618F52F55479977A0FB8CBC4F188129EF89477A4DF3CC949CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ClientScreen$ParentRectWindow
            • String ID:
            • API String ID: 2099118873-0
            • Opcode ID: 7de5d91b1c8bf6cbd024f117699c573025403ec0b072b76e2df3440ff88d1a8d
            • Instruction ID: 38c9ab16e3656cf884b3a0d012cb3ee7a59ba000c018e5caaf81826846b1f683
            • Opcode Fuzzy Hash: 7de5d91b1c8bf6cbd024f117699c573025403ec0b072b76e2df3440ff88d1a8d
            • Instruction Fuzzy Hash: B7F01C71715B9182EB158B13B84435A6324EB8CFC0F499024EF9A07B69DE3CC8968700
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: MetricsSystem$??3@wsprintf
            • String ID: %X - %03X - %03X - %03X - %03X
            • API String ID: 1174869416-1993364030
            • Opcode ID: 376463cde95f503065a0372f77d04eb21846589c3f58d58d4a90efb5eb6e9f57
            • Instruction ID: 43316a8ab08d6cdf5443f45d8848dbdc911347861ce22d0c71f5014197a009eb
            • Opcode Fuzzy Hash: 376463cde95f503065a0372f77d04eb21846589c3f58d58d4a90efb5eb6e9f57
            • Instruction Fuzzy Hash: 6F3110B1614A8592EB12EF52F4813D96324F79C3C4F904026FB4D476AADF7DC949CB00
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ClientItemScreenWindow$ParentRect
            • String ID: $
            • API String ID: 2675214473-227171996
            • Opcode ID: c4bd72f434b48c830ab944ecceff824468277ff1dde444ce723d8924a88d7d06
            • Instruction ID: 6c4cc5823688e27172d32cf8a1c5b4521fe4e29dd84c211cf8c9a3571c7da24d
            • Opcode Fuzzy Hash: c4bd72f434b48c830ab944ecceff824468277ff1dde444ce723d8924a88d7d06
            • Instruction Fuzzy Hash: CA115E7221464587C714CF2AF4447AABBA1F3C9BD8F148215FB4547B68DB3CD845CB40
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: __set_app_type__setusermatherr
            • String ID: MZ`
            • API String ID: 2629043507-2330268423
            • Opcode ID: 6eb9fe68b76b86fdacad53cbffd465042498b33527e63477702210e03248e05a
            • Instruction ID: 63d6acfbcff2126a63b64981d0d41e13731eef29f639e16b51def6bfc5f6d4f3
            • Opcode Fuzzy Hash: 6eb9fe68b76b86fdacad53cbffd465042498b33527e63477702210e03248e05a
            • Instruction Fuzzy Hash: 0421FC74A01650CAEB53DB26E8583E933E0A74CBE5F504939F719832F0DA398C85CB02
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: ErrorLast_wtol
            • String ID:
            • API String ID: 3876490843-3916222277
            • Opcode ID: e232e1c712239dce0f4757f01bad8d1eac7c625181fbeca099144479924383bb
            • Instruction ID: 9285bdcc729afaec87a5660a9b1b0767a40db37683134d4101bfa17f3d11a53d
            • Opcode Fuzzy Hash: e232e1c712239dce0f4757f01bad8d1eac7c625181fbeca099144479924383bb
            • Instruction Fuzzy Hash: FBF0FFB1E5110185FBB7AB736819BE911A1DB18BD5F58D411EB0A834E1EA7D4882C345
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
            • Associated: 00000000.00000002.1693421046.0000000140000000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693556586.0000000140024000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693639983.000000014002B000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693697026.0000000140031000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_140000000_SecuriteInfo.jbxd
            Similarity
            • API ID: Message
            • String ID: 7-Zip SFX$Could not allocate memory
            • API String ID: 2030045667-3806377612
            • Opcode ID: 55e790162cb9d03b800ad38cadaf8a296740c2b12dfa7a067b1f688dd9b005c7
            • Instruction ID: 00f643229744ea2e971361a3c52e96a6143b82f901bc8b741ef78121efc3b944
            • Opcode Fuzzy Hash: 55e790162cb9d03b800ad38cadaf8a296740c2b12dfa7a067b1f688dd9b005c7
            • Instruction Fuzzy Hash: 2BC08C3870060AC0EB1A7B23AC627D01260B31C389FC0080AD60547630CFBCC68B8744
            Uniqueness

            Uniqueness Score: -1.00%
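The function records above all share one shape (API ID, String ID, API String ID, Opcode ID, fuzzy hashes), and most of them are compiler runtime rather than the sample's own logic: the record whose API ID is the fragments of GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount and QueryPerformanceCounter is MSVC's __security_init_cookie seeding the /GS stack cookie, the __set_app_type/__setusermatherr record is CRT start-up, and the "7-Zip SFX" string confirms the self-extractor stub seen in the process tree. The script below is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: it parses records in the flattened form shown on this page, drops the repeated copies, labels the runtime boilerplate and flags records whose String ID rendered empty although the second number of "API String ID" is non-zero (the ErrorLast_wtol record above, under a "Strings" heading, is one such case). Assumptions, named as such in the code: that an API ID is a "$"-separated list of CamelCase API-name fragments with ??2@/??3@ being the decorated C++ operators, that the second number of "API String ID" is a hash of the String ID, and the label names themselves. The sample records are copied from the page and abridged to the fields the script reads.

```python
import re

# Constructed sample: four function records copied from the report above,
# abridged to the fields this script reads (one field per bullet line).
SAMPLE_RECORDS = """
APIs
Memory Dump Source
• Source File: 00000000.00000002.1693452490.0000000140001000.00000020.00000001.01000000.00000003.sdmp, Offset: 0000000140000000, based on PE: true
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: a880cda3cb84ba9258de0f8a5bfb240fcdc2ae1ef1647e9d9b2b24c99fef0d51
• Instruction Fuzzy Hash: 25012931265A4482EB928F22F8843D57360F74DBD4F456628FF5E4BBB4DA38CD998700
Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: __set_app_type__setusermatherr
• String ID: MZ`
• API String ID: 2629043507-2330268423
• Opcode ID: 6eb9fe68b76b86fdacad53cbffd465042498b33527e63477702210e03248e05a
Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: ErrorLast_wtol
• String ID:
• API String ID: 3876490843-3916222277
• Opcode ID: e232e1c712239dce0f4757f01bad8d1eac7c625181fbeca099144479924383bb
Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: Message
• String ID: 7-Zip SFX$Could not allocate memory
• API String ID: 2030045667-3806377612
• Opcode ID: 55e790162cb9d03b800ad38cadaf8a296740c2b12dfa7a067b1f688dd9b005c7
Uniqueness Score: -1.00%
"""

FIELD_RE = re.compile(r"^\s*[•*-]\s*([A-Za-z ]+?):\s*(.*?)\s*$")
# Assumed API ID format: '$'-separated groups of CamelCase API-name fragments;
# ??2@ (operator new) and ??3@ (operator delete) are kept as single tokens.
TOKEN_RE = re.compile(r"\?\?\d@|[A-Z][a-z0-9]*|_[a-z0-9_]+|[^A-Z_$?]+")
# Fragments of the five imports used by MSVC's __security_init_cookie.
GS_COOKIE = {"Current", "Time", "Count", "Counter", "File", "Performance",
             "Process", "Query", "System", "Thread", "Tick"}


def parse_records(text):
    """One dict per function block; a block starts at its 'APIs' heading."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = {}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return records


def api_tokens(api_id):
    """'ErrorLast_wtol' -> ['Error', 'Last', '_wtol'] (assumed format, see above)."""
    return [t for group in api_id.split("$") for t in TOKEN_RE.findall(group)]


def classify(rec):
    """Triage labels (names are mine) for one record; unlabelled = open it in IDA."""
    labels = []
    api, strings = rec.get("API ID", ""), rec.get("String ID", "")
    if GS_COOKIE <= set(api_tokens(api)):
        labels.append("crt:__security_init_cookie")
    if "__set_app_type" in api:
        labels.append("crt:startup")
    if "7-Zip SFX" in strings:
        labels.append("7zip-sfx-stub")
    # Assumption: the second number of 'API String ID' hashes the String ID (it is
    # 0 in every record above that has no strings).  Non-zero beside an empty
    # String ID means the string was unprintable and lost in rendering.
    _, _, string_hash = rec.get("API String ID", "-0").partition("-")
    if not strings and string_hash != "0":
        labels.append("string-dropped-in-report")
    return labels


def triage(text):
    """Map each distinct function (12-hex-char Opcode ID prefix) to its labels."""
    out = {}
    for rec in parse_records(text):
        key = rec.get("Opcode ID", "")[:12]
        if key and key not in out:          # the report repeats identical records
            out[key] = classify(rec)
    return out


if __name__ == "__main__":
    for key, labels in triage(SAMPLE_RECORDS).items():
        print(key, ", ".join(labels) or "(unlabelled: review in IDA)")
```

Run against a full report export, the unlabelled records are the functions worth opening first; the labelled ones are the runtime and packer stub that every MSVC-built 7-Zip SFX carries, which is why the "Uniqueness Score" is uninformative for them.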